[mirror_lxc.git] / src / tests / lxc-test-usernic.in

#!/bin/bash

# lxc: linux Container library

# Authors:
# Serge Hallyn <serge.hallyn@ubuntu.com>
#
# This is a test script for the lxc-user-nic program

# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.

# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# Lesser General Public License for more details.

# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA

# This test assumes an Ubuntu host

DONE=0
KNOWN_RELEASES="precise trusty xenial yakkety zesty"
LXC_USER_NIC="@LIBEXECDIR@/lxc/lxc-user-nic"

cleanup() {
	set +e

	(
		lxc-stop -n usernic-c1 -k
		lxc-destroy -n usernic-c1

		sed -i '/usernic-user/d' /run/lxc/nics /etc/lxc/lxc-usernet
		ifconfig usernic-br0 down
		ifconfig usernic-br1 down
		brctl delbr usernic-br0
		brctl delbr usernic-br1

		run_cmd "lxc-stop -n b1 -k"
		pkill -u $(id -u usernic-user) -9

		rm -rf /tmp/usernic-test /home/usernic-user /run/user/$(id -u usernic-user)

		deluser usernic-user
	) >/dev/null 2>&1

	if [ "$DONE" = "1" ]; then
		echo "PASS"
		exit 0
	fi

	echo "FAIL"
	exit 1
}

run_cmd() {
	sudo -i -u usernic-user \
	    env http_proxy=${http_proxy:-} https_proxy=${https_proxy:-} \
	        XDG_RUNTIME_DIR=/run/user/$(id -u usernic-user) $*
}

ARCH=i386
if type dpkg >/dev/null 2>&1; then
	ARCH=$(dpkg --print-architecture)
fi

set -eu
trap cleanup EXIT SIGHUP SIGINT SIGTERM

# create a test user
deluser usernic-user || true
useradd usernic-user
sudo mkdir -p /home/usernic-user
sudo chown usernic-user: /home/usernic-user
usermod -v 910000-919999 -w 910000-919999 usernic-user

mkdir -p /home/usernic-user/.config/lxc/
cat > /home/usernic-user/.config/lxc/default.conf << EOF
lxc.net.0.type = empty
lxc.idmap = u 0 910000 10000
lxc.idmap = g 0 910000 10000
EOF

if which cgm >/dev/null 2>&1; then
	cgm create all usernic-user
	cgm chown all usernic-user $(id -u usernic-user) $(id -g usernic-user)
	cgm movepid all usernic-user $$
elif [ -e /sys/fs/cgroup/cgmanager/sock ]; then
	for d in $(cut -d : -f 2 /proc/self/cgroup); do
		dbus-send --print-reply --address=unix:path=/sys/fs/cgroup/cgmanager/sock \
			--type=method_call /org/linuxcontainers/cgmanager org.linuxcontainers.cgmanager0_0.Create \
			string:$d string:usernic-user >/dev/null

		dbus-send --print-reply --address=unix:path=/sys/fs/cgroup/cgmanager/sock \
			--type=method_call /org/linuxcontainers/cgmanager org.linuxcontainers.cgmanager0_0.Chown \
			string:$d string:usernic-user int32:$(id -u usernic-user) int32:$(id -g usernic-user) >/dev/null

		dbus-send --print-reply --address=unix:path=/sys/fs/cgroup/cgmanager/sock \
			--type=method_call /org/linuxcontainers/cgmanager org.linuxcontainers.cgmanager0_0.MovePid \
			string:$d string:usernic-user int32:$$ >/dev/null
	done
else
	for d in /sys/fs/cgroup/*; do
		[ -f $d/cgroup.clone_children ] && echo 1 > $d/cgroup.clone_children
		[ ! -d $d/lxctest ] && mkdir $d/lxctest
		chown -R usernic-user: $d/lxctest
		echo $$ > $d/lxctest/tasks
	done
fi

mkdir -p /run/user/$(id -u usernic-user)
chown -R usernic-user: /run/user/$(id -u usernic-user) /home/usernic-user

# Copy the download template cache if available
run_cmd "mkdir -p /home/usernic-user/.cache/lxc"
[ -d /var/cache/lxc/download ] && \
    cp -R /var/cache/lxc/download /home/usernic-user/.cache/lxc && \
    chown -R usernic-user: /home/usernic-user/.cache/lxc


# Create two test bridges
brctl addbr usernic-br0
brctl addbr usernic-br1
ifconfig usernic-br0 0.0.0.0 up
ifconfig usernic-br1 0.0.0.0 up

ARCH=i386
if type dpkg >/dev/null 2>&1; then
	ARCH=$(dpkg --print-architecture)
fi

# default release is trusty, or the systems release if recognized
release=trusty
if [ -f /etc/lsb-release ]; then
    . /etc/lsb-release
    rels=$(ubuntu-distro-info --supported 2>/dev/null) ||
        rels="$KNOWN_RELEASES"
    for r in $rels; do
        [ "$DISTRIB_CODENAME" = "$r" ] && release="$r"
    done
fi

# Create three containers
run_cmd "lxc-create -t download -n b1 -- -d ubuntu -r $release -a $ARCH"
run_cmd "lxc-start -n b1 -d"
p1=$(run_cmd "lxc-info -n b1 -p -H")

lxcpath=/home/usernic-user/.local/share/lxc
lxcname=b1

# Assign one veth, should fail as no allowed entries yet
if run_cmd "$LXC_USER_NIC create $lxcpath $lxcname $p1 veth usernic-br0 xx1"; then
	echo "FAIL: able to create nic with no entries"
	exit 1
fi

# Give him a quota of two
touch /etc/lxc/lxc-usernet
sed -i '/^usernic-user/d' /etc/lxc/lxc-usernet
echo "usernic-user veth usernic-br0 2" >> /etc/lxc/lxc-usernet

# Assign one veth to second bridge, should fail
if run_cmd "$LXC_USER_NIC create $lxcpath $lxcname $p1 veth usernic-br1 xx1"; then
	echo "FAIL: able to create nic with no entries"
	exit 1
fi

# Assign two veths, should succeed
if ! run_cmd "$LXC_USER_NIC create $lxcpath $lxcname $p1 veth usernic-br0 xx2"; then
	echo "FAIL: unable to create first nic"
	exit 1
fi

if ! run_cmd "$LXC_USER_NIC create $lxcpath $lxcname $p1 veth usernic-br0 xx3"; then
	echo "FAIL: unable to create second nic"
	exit 1
fi

# Assign one more veth, should fail.
if run_cmd "$LXC_USER_NIC create $lxcpath $lxcname $p1 veth usernic-br0 xx4"; then
	echo "FAIL: able to create third nic"
	exit 1
fi

# Shut down and restart the container, should be able to assign more nics
run_cmd "lxc-stop -n b1 -k"
run_cmd "lxc-start -n b1 -d"
p1=$(run_cmd "lxc-info -n b1 -p -H")

if ! run_cmd "$LXC_USER_NIC create $lxcpath $lxcname $p1 veth usernic-br0 xx5"; then
	echo "FAIL: unable to create nic after destroying the old"
	cleanup 1
fi

run_cmd "lxc-stop -n b1 -k"

# Create a root-owned ns
lxc-create -t busybox -n usernic-c1
lxc-start -n usernic-c1 -d
p2=$(lxc-info -n usernic-c1 -p -H)

# assign veth to it - should fail
if run_cmd "$LXC_USER_NIC create $lxcpath $lxcname $p2 veth usernic-br0 xx6"; then
	echo "FAIL: able to attach nic to root-owned container"
	cleanup 1
fi

echo "All tests passed"
DONE=1
Commit	Line	Data
20ab58c7 SH	1	#!/bin/bash
	2
	3	# lxc: linux Container library
	4
	5	# Authors:
	6	# Serge Hallyn <serge.hallyn@ubuntu.com>
	7	#
	8	# This is a test script for the lxc-user-nic program
	9
	10	# This library is free software; you can redistribute it and/or
	11	# modify it under the terms of the GNU Lesser General Public
	12	# License as published by the Free Software Foundation; either
	13	# version 2.1 of the License, or (at your option) any later version.
	14
	15	# This library is distributed in the hope that it will be useful,
	16	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	17	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	18	# Lesser General Public License for more details.
	19
	20	# You should have received a copy of the GNU Lesser General Public
	21	# License along with this library; if not, write to the Free Software
250b1eec	22	# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
20ab58c7	23
061ba5d0 SG	24	# This test assumes an Ubuntu host
061ba5d0 SG	25
0e17b9c6	26	DONE=0
0815a592	27	KNOWN_RELEASES="precise trusty xenial yakkety zesty"
8cb8e496	28	LXC_USER_NIC="@LIBEXECDIR@/lxc/lxc-user-nic"
0e17b9c6	29
8befa924	30	cleanup() {
9c50a526	31	set +e
0e17b9c6	32
9c50a526	33	(
c85a40bc	34	lxc-stop -n usernic-c1 -k
0e17b9c6 SG	35	lxc-destroy -n usernic-c1
0e17b9c6 SG	36
061ba5d0	37	sed -i '/usernic-user/d' /run/lxc/nics /etc/lxc/lxc-usernet
0e17b9c6 SG	38	ifconfig usernic-br0 down
	39	ifconfig usernic-br1 down
	40	brctl delbr usernic-br0
	41	brctl delbr usernic-br1
	42
c85a40bc	43	run_cmd "lxc-stop -n b1 -k"
0e17b9c6 SG	44	pkill -u $(id -u usernic-user) -9
	45
	46	rm -rf /tmp/usernic-test /home/usernic-user /run/user/$(id -u usernic-user)
	47
	48	deluser usernic-user
	49	) >/dev/null 2>&1
	50
	51	if [ "$DONE" = "1" ]; then
	52	echo "PASS"
	53	exit 0
	54	fi
	55
	56	echo "FAIL"
	57	exit 1
	58	}
	59
	60	run_cmd() {
198a3f10 SG	61	sudo -i -u usernic-user \
	62	env http_proxy=${http_proxy:-} https_proxy=${https_proxy:-} \
	63	XDG_RUNTIME_DIR=/run/user/$(id -u usernic-user) $*
8befa924	64	}
20ab58c7	65
fd2b7320 SG	66	ARCH=i386
	67	if type dpkg >/dev/null 2>&1; then
	68	ARCH=$(dpkg --print-architecture)
	69	fi
	70
0e17b9c6 SG	71	set -eu
	72	trap cleanup EXIT SIGHUP SIGINT SIGTERM
	73
8befa924 SH	74	# create a test user
	75	deluser usernic-user \|\| true
	76	useradd usernic-user
	77	sudo mkdir -p /home/usernic-user
79d88b03	78	sudo chown usernic-user: /home/usernic-user
8befa924	79	usermod -v 910000-919999 -w 910000-919999 usernic-user
8befa924	80
0e17b9c6 SG	81	mkdir -p /home/usernic-user/.config/lxc/
0e17b9c6 SG	82	cat > /home/usernic-user/.config/lxc/default.conf << EOF
7fa3f2e9	83	lxc.net.0.type = empty
bdcbb6b3 CB	84	lxc.idmap = u 0 910000 10000
bdcbb6b3 CB	85	lxc.idmap = g 0 910000 10000
8befa924	86	EOF
20ab58c7	87
42e5c987	88	if which cgm >/dev/null 2>&1; then
2ba5eb93 SG	89	cgm create all usernic-user
	90	cgm chown all usernic-user $(id -u usernic-user) $(id -g usernic-user)
	91	cgm movepid all usernic-user $$
42e5c987	92	elif [ -e /sys/fs/cgroup/cgmanager/sock ]; then
ef4deb7f	93	for d in $(cut -d : -f 2 /proc/self/cgroup); do
3f458ed0 SG	94	dbus-send --print-reply --address=unix:path=/sys/fs/cgroup/cgmanager/sock \
	95	--type=method_call /org/linuxcontainers/cgmanager org.linuxcontainers.cgmanager0_0.Create \
	96	string:$d string:usernic-user >/dev/null
	97
	98	dbus-send --print-reply --address=unix:path=/sys/fs/cgroup/cgmanager/sock \
	99	--type=method_call /org/linuxcontainers/cgmanager org.linuxcontainers.cgmanager0_0.Chown \
	100	string:$d string:usernic-user int32:$(id -u usernic-user) int32:$(id -g usernic-user) >/dev/null
	101
	102	dbus-send --print-reply --address=unix:path=/sys/fs/cgroup/cgmanager/sock \
	103	--type=method_call /org/linuxcontainers/cgmanager org.linuxcontainers.cgmanager0_0.MovePid \
	104	string:$d string:usernic-user int32:$$ >/dev/null
	105	done
	106	else
	107	for d in /sys/fs/cgroup/*; do
177f793a	108	[ -f $d/cgroup.clone_children ] && echo 1 > $d/cgroup.clone_children
3f458ed0	109	[ ! -d $d/lxctest ] && mkdir $d/lxctest
79d88b03	110	chown -R usernic-user: $d/lxctest
3f458ed0 SG	111	echo $$ > $d/lxctest/tasks
	112	done
	113	fi
0e17b9c6 SG	114
0e17b9c6 SG	115	mkdir -p /run/user/$(id -u usernic-user)
79d88b03	116	chown -R usernic-user: /run/user/$(id -u usernic-user) /home/usernic-user
20ab58c7	117
57221f67 SG	118	# Copy the download template cache if available
	119	run_cmd "mkdir -p /home/usernic-user/.cache/lxc"
	120	[ -d /var/cache/lxc/download ] && \
	121	cp -R /var/cache/lxc/download /home/usernic-user/.cache/lxc && \
	122	chown -R usernic-user: /home/usernic-user/.cache/lxc
	123
	124
0e17b9c6	125	# Create two test bridges
8befa924 SH	126	brctl addbr usernic-br0
	127	brctl addbr usernic-br1
	128	ifconfig usernic-br0 0.0.0.0 up
	129	ifconfig usernic-br1 0.0.0.0 up
	130
fd2b7320 SG	131	ARCH=i386
	132	if type dpkg >/dev/null 2>&1; then
	133	ARCH=$(dpkg --print-architecture)
	134	fi
	135
64ea46c7 PHL	136	# default release is trusty, or the systems release if recognized
	137	release=trusty
	138	if [ -f /etc/lsb-release ]; then
	139	. /etc/lsb-release
	140	rels=$(ubuntu-distro-info --supported 2>/dev/null) \|\|
	141	rels="$KNOWN_RELEASES"
	142	for r in $rels; do
	143	[ "$DISTRIB_CODENAME" = "$r" ] && release="$r"
	144	done
	145	fi
	146
8befa924	147	# Create three containers
64ea46c7	148	run_cmd "lxc-create -t download -n b1 -- -d ubuntu -r $release -a $ARCH"
0e17b9c6 SG	149	run_cmd "lxc-start -n b1 -d"
0e17b9c6 SG	150	p1=$(run_cmd "lxc-info -n b1 -p -H")
8befa924	151
615af4ac SH	152	lxcpath=/home/usernic-user/.local/share/lxc
	153	lxcname=b1
	154
8befa924	155	# Assign one veth, should fail as no allowed entries yet
f703d990	156	if run_cmd "$LXC_USER_NIC create $lxcpath $lxcname $p1 veth usernic-br0 xx1"; then
8befa924	157	echo "FAIL: able to create nic with no entries"
0e17b9c6	158	exit 1
20ab58c7 SH	159	fi
20ab58c7 SH	160
8befa924	161	# Give him a quota of two
d08363af	162	touch /etc/lxc/lxc-usernet
0e17b9c6 SG	163	sed -i '/^usernic-user/d' /etc/lxc/lxc-usernet
0e17b9c6 SG	164	echo "usernic-user veth usernic-br0 2" >> /etc/lxc/lxc-usernet
8befa924 SH	165
8befa924 SH	166	# Assign one veth to second bridge, should fail
f703d990	167	if run_cmd "$LXC_USER_NIC create $lxcpath $lxcname $p1 veth usernic-br1 xx1"; then
8befa924	168	echo "FAIL: able to create nic with no entries"
0e17b9c6	169	exit 1
8befa924	170	fi
20ab58c7	171
8befa924	172	# Assign two veths, should succeed
f703d990	173	if ! run_cmd "$LXC_USER_NIC create $lxcpath $lxcname $p1 veth usernic-br0 xx2"; then
8befa924	174	echo "FAIL: unable to create first nic"
0e17b9c6	175	exit 1
8befa924	176	fi
0e17b9c6	177
f703d990	178	if ! run_cmd "$LXC_USER_NIC create $lxcpath $lxcname $p1 veth usernic-br0 xx3"; then
8befa924	179	echo "FAIL: unable to create second nic"
0e17b9c6	180	exit 1
20ab58c7 SH	181	fi
20ab58c7 SH	182
8befa924	183	# Assign one more veth, should fail.
f703d990	184	if run_cmd "$LXC_USER_NIC create $lxcpath $lxcname $p1 veth usernic-br0 xx4"; then
8befa924	185	echo "FAIL: able to create third nic"
0e17b9c6	186	exit 1
20ab58c7 SH	187	fi
20ab58c7 SH	188
8befa924	189	# Shut down and restart the container, should be able to assign more nics
c85a40bc	190	run_cmd "lxc-stop -n b1 -k"
0e17b9c6 SG	191	run_cmd "lxc-start -n b1 -d"
	192	p1=$(run_cmd "lxc-info -n b1 -p -H")
	193
f703d990	194	if ! run_cmd "$LXC_USER_NIC create $lxcpath $lxcname $p1 veth usernic-br0 xx5"; then
8befa924 SH	195	echo "FAIL: unable to create nic after destroying the old"
	196	cleanup 1
	197	fi
	198
c85a40bc	199	run_cmd "lxc-stop -n b1 -k"
8befa924 SH	200
	201	# Create a root-owned ns
	202	lxc-create -t busybox -n usernic-c1
	203	lxc-start -n usernic-c1 -d
0e17b9c6	204	p2=$(lxc-info -n usernic-c1 -p -H)
8befa924 SH	205
8befa924 SH	206	# assign veth to it - should fail
f703d990	207	if run_cmd "$LXC_USER_NIC create $lxcpath $lxcname $p2 veth usernic-br0 xx6"; then
8befa924 SH	208	echo "FAIL: able to attach nic to root-owned container"
8befa924 SH	209	cleanup 1
20ab58c7 SH	210	fi
	211
	212	echo "All tests passed"
0e17b9c6	213	DONE=1