This repository has been archived by the owner on Apr 15, 2020. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 26
/
Copy pathunpriv-test
executable file
·153 lines (121 loc) · 4.21 KB
/
unpriv-test
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
#!/bin/bash
# Authors:
# Serge Hallyn <[email protected]>
#
# This is based on the lxc-test-unpriv from the lxc testsuite at
# linuxcontainers.org / git://github.com/lxc/lxc
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
# This test assumes an Ubuntu host. It will create an unprivileged
# user who will create a unprivileged container. Inside that container
# it will install and start cgmanager, and run a full testsuite
# in addition to an extra test for correct uid translation in
# listkeys
if [ $(id -u) -ne 0 ]; then
echo "ERROR: Must run as root."
exit 1
fi
which newuidmap >/dev/null 2>&1 || { echo "'newuidmap' command is missing" >&2; exit 1; }
which lxc-create >/dev/null 2>&1 || { echo "'lxc' package is missing" >&2; exit 1; }
use_ppa=0
if [ $# -eq 1 -a $1 = "useppa" ]; then
use_ppa=1
fi
DONE=0
cleanup() {
cd /
run_cmd lxc-stop -n c1 -k || true
pkill -u $(id -u $TUSER) -9
sed -i '/lxcunpriv/d' /run/lxc/nics /etc/lxc/lxc-usernet
sed -i '/^lxcunpriv:/d' /etc/subuid /etc/subgid
rm -Rf $HDIR /run/user/$(id -u $TUSER)
deluser $TUSER
if [ $DONE -eq 0 ]; then
echo "FAIL"
exit 1
fi
echo "PASS"
}
run_cmd() {
sudo -i -u $TUSER \
env http_proxy=${http_proxy:-} https_proxy=${https_proxy:-} \
SUDO_USER="" \
XDG_RUNTIME_DIR=/run/user/$(id -u $TUSER) $*
}
# create a test user
TUSER=lxcunpriv
HDIR=/home/$TUSER
ARCH=i386
if type dpkg >/dev/null 2>&1; then
ARCH=$(dpkg --print-architecture)
fi
trap cleanup EXIT SIGHUP SIGINT SIGTERM
set -eu
deluser $TUSER && rm -Rf $HDIR || true
useradd $TUSER
mkdir -p $HDIR
echo "$TUSER veth lxcbr0 2" > /etc/lxc/lxc-usernet
sed -i '/^lxcunpriv:/d' /etc/subuid /etc/subgid
usermod -v 910000-919999 -w 910000-919999 $TUSER
mkdir -p $HDIR/.config/lxc/
cat > $HDIR/.config/lxc/default.conf << EOF
lxc.network.type = veth
lxc.network.link = lxcbr0
lxc.id_map = u 0 910000 9999
lxc.id_map = g 0 910000 9999
lxc.aa_profile = lxc-container-default-with-nesting
lxc.mount.auto = cgroup:mixed
EOF
chown -R $TUSER: $HDIR
mkdir -p /run/user/$(id -u $TUSER)
chown -R $TUSER: /run/user/$(id -u $TUSER)
cd $HDIR
cgm create all $TUSER
cgm chown all $TUSER $(id -u $TUSER) $(id -g $TUSER)
cgm movepid all $TUSER $$
# Copy the download template cache if available
run_cmd mkdir -p $HDIR/.cache/lxc
[ -d /var/cache/lxc/download ] && \
cp -R /var/cache/lxc/download $HDIR/.cache/lxc && \
chown -R $TUSER: $HDIR/.cache/lxc
run_cmd lxc-create -t download -n c1 -- -d ubuntu -r utopic -a $ARCH
run_cmd lxc-start -n c1 -d
run_cmd lxc-wait -n c1 -s RUNNING
ip=''
while [ -z "$ip" ]; do
ip=$(run_cmd lxc-info -n c1 -i -H)
done
run_cmd lxc-attach -n c1 -- ping -c 1 google.com
run_cmd lxc-attach -n c1 -- apt-get update
if [ $use_ppa -eq 1 ]; then
run_cmd lxc-attach -n c1 -- apt-get -y install software-properties-common
run_cmd lxc-attach -n c1 -- add-apt-repository -y ppa:serge-hallyn/cgmanager
run_cmd lxc-attach -n c1 -- apt-get update
fi
run_cmd lxc-attach -n c1 -- apt-get -y install cgmanager cgmanager-tests
run_cmd lxc-attach -n c1 -- cat /proc/self/cgroup
run_cmd lxc-attach -n c1 -- /usr/share/cgmanager/tests/runtests.sh
run_cmd lxc-attach -n c1 -- cgm create memory xxx
output=$(run_cmd lxc-attach -n c1 -- cgm listkeys memory)
output2=$(run_cmd lxc-attach -n c1 -- cgm listkeys memory xxx)
id1=$(echo "$output" | awk '/^tasks/ { print $2 }')
id2=$(echo "$output2" | awk '/^tasks/ { print $2 }')
if [ "$id1" != "4294967295" ]; then
echo "listkeys did not properly shift nobody id"
false
fi
if [ "$id2" != "0" ]; then
echo "listkeys did not properly shift 0 id"
false
fi
run_cmd lxc-stop -n c1
DONE=1