From df6f1a3e08030c90510c6a817a1771276439efed Mon Sep 17 00:00:00 2001
From: Thomas Haller
Date: Wed, 6 Sep 2023 13:52:18 +0200
Subject: tests/shell: bind mount private /var/run/netns in test container Some tests want to run `ip netns add`, which requires write permissions to /var/run/netns. Also, /var/run/netns would be a systemwide mount path, and shared between the tests. We would want to isolate that. Fix that by bind mount a tmpfs inside the test wrapper, if we appear to have a private mount namespace. Fixes $ ./tests/shell/run-tests.sh -- tests/shell/testcases/netns/0001nft-f_0 Optimally, `ip netns add` would allow to specify a private location for those bind mounts. It seems that iproute2 is build with /var/run/netns, instead the more common /run/netns. Hence, handle /var/run instead of /run. Signed-off-by: Thomas Haller Signed-off-by: Florian Westphal
---
tests/shell/helpers/test-wrapper.sh | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
(limited to 'tests/shell/helpers/test-wrapper.sh')
diff --git a/tests/shell/helpers/test-wrapper.sh b/tests/shell/helpers/test-wrapper.sh
index fee55e5f..b8a54ed7 100755
--- a/tests/shell/helpers/test-wrapper.sh
+++ b/tests/shell/helpers/test-wrapper.sh
@@ -9,10 +9,33 @@ TEST="$1" TESTBASE="$(basename "$TEST")" TESTDIR="$(dirname "$TEST")" +CLEANUP_UMOUNT_RUN_NETNS=n + +cleanup() { + if [ "$CLEANUP_UMOUNT_RUN_NETNS" = y ] ; then + umount "/var/run/netns" || : + fi +} + +trap cleanup EXIT + printf '%s\n' "$TEST" > "$NFT_TEST_TESTTMPDIR/name" read tainted_before < /proc/sys/kernel/tainted +if [ "$NFT_TEST_HAS_UNSHARED_MOUNT" = y ] ; then + # We have a private mount namespace. We will mount /run/netns as a tmpfs, + # this is useful because `ip netns add` wants to add files there. + # + # When running as rootless, this is necessary to get such tests to + # pass. When running rootful, it's still useful to not touch the + # "real" /var/run/netns of the system. + mkdir -p /var/run/netns + if mount -t tmpfs --make-private "/var/run/netns" ; then + CLEANUP_UMOUNT_RUN_NETNS=y + fi +fi + rc_test=0 "$TEST" &> "$NFT_TEST_TESTTMPDIR/testout.log" || rc_test=$? -- cgit v1.2.3
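Review bot: The tmpfs mount over `/var/run/netns` is gated only on `NFT_TEST_HAS_UNSHARED_MOUNT`, and this hunk does not show where that variable is set; if the wrapper were started with it set to `y` while still in the host mount namespace (for example by hand as root), the mount would hide the system's named network namespaces until `cleanup` runs. Consider confirming the private mount namespace inside the wrapper rather than trusting the environment, or at least stating the requirement above the `if`, e.g. `# Only set NFT_TEST_HAS_UNSHARED_MOUNT=y when the caller has already entered a private mount namespace.` When `mkdir -p` or `mount` fails, the test still runs against the shared `/var/run/netns` with no wrapper message, so an `else` branch that prints a warning to stderr would make the loss of isolation visible. The block comment also says `/run/netns` where the code mounts `/var/run/netns`; it should read `# We have a private mount namespace. We will mount /var/run/netns as a tmpfs,`.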