author | Thomas Haller <thaller@redhat.com> | 2023-09-06 13:52:18 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2023-09-07 19:35:20 +0200 |
commit | df6f1a3e08030c90510c6a817a1771276439efed (patch) | |
tree | 0f8c0e828964f3c69413e11f9102e0d1c55e4808 /tests/shell/helpers/test-wrapper.sh | |
parent | 8ba377f5d1954bc662ec4bedfb2f3d7c1ae66428 (diff) |
tests/shell: bind mount private /var/run/netns in test container
Some tests want to run `ip netns add`, which requires write permissions
to /var/run/netns. Also, /var/run/netns would be a systemwide mount
path, and shared between the tests. We would want to isolate that.
Fix that by bind mounting a tmpfs inside the test wrapper, if we appear to
have a private mount namespace.
Fixes
$ ./tests/shell/run-tests.sh -- tests/shell/testcases/netns/0001nft-f_0
Optimally, `ip netns add` would allow specifying a private
location for those bind mounts.
It seems that iproute2 is built with /var/run/netns, instead of the more
common /run/netns. Hence, handle /var/run instead of /run.
Signed-off-by: Thomas Haller <thaller@redhat.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'tests/shell/helpers/test-wrapper.sh')
-rwxr-xr-x | tests/shell/helpers/test-wrapper.sh | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/tests/shell/helpers/test-wrapper.sh b/tests/shell/helpers/test-wrapper.sh index fee55e5f..b8a54ed7 100755 --- a/tests/shell/helpers/test-wrapper.sh +++ b/tests/shell/helpers/test-wrapper.sh @@ -9,10 +9,33 @@ TEST="$1" TESTBASE="$(basename "$TEST")" TESTDIR="$(dirname "$TEST")" +CLEANUP_UMOUNT_RUN_NETNS=n + +cleanup() { + if [ "$CLEANUP_UMOUNT_RUN_NETNS" = y ] ; then + umount "/var/run/netns" || : + fi +} + +trap cleanup EXIT + printf '%s\n' "$TEST" > "$NFT_TEST_TESTTMPDIR/name" read tainted_before < /proc/sys/kernel/tainted +if [ "$NFT_TEST_HAS_UNSHARED_MOUNT" = y ] ; then + # We have a private mount namespace. We will mount /run/netns as a tmpfs, + # this is useful because `ip netns add` wants to add files there. + # + # When running as rootless, this is necessary to get such tests to + # pass. When running rootful, it's still useful to not touch the + # "real" /var/run/netns of the system. + mkdir -p /var/run/netns + if mount -t tmpfs --make-private "/var/run/netns" ; then + CLEANUP_UMOUNT_RUN_NETNS=y + fi +fi + rc_test=0 "$TEST" &> "$NFT_TEST_TESTTMPDIR/testout.log" || rc_test=$? |
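Review bot: In the `NFT_TEST_HAS_UNSHARED_MOUNT` block, a failing `mount -t tmpfs --make-private "/var/run/netns"` is ignored without any message, so the test still runs, just against whatever /var/run/netns is already visible, which is the shared path the commit message sets out to isolate. An `else` branch that prints a warning to stderr (or records the condition in `$NFT_TEST_TESTTMPDIR`) would make a later `ip netns add` failure or cross-test interference much easier to diagnose. Note also that `mkdir -p /var/run/netns` runs before the tmpfs is in place, so the directory is created on the underlying filesystem even when the mount then fails. Two smaller points: the comment says "We will mount /run/netns as a tmpfs" while the code and the commit message deliberately use /var/run/netns, so the comment should name the same path; and the literal "/var/run/netns" appears three times (in `cleanup`, `mkdir` and `mount`), which a single variable would keep in sync.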