Skip to content

container: Better handle lxc_start #62

container: Better handle lxc_start

container: Better handle lxc_start #62

Workflow file for this run

name: CI tests
on:
- push
- pull_request
jobs:
test:
strategy:
fail-fast: false
matrix:
go:
- 1.20.x
- stable
os:
- ubuntu-20.04
- ubuntu-22.04
runs-on: ${{ matrix.os }}
steps:
- name: Install Go
uses: actions/setup-go@v4
with:
go-version: ${{ matrix.go }}
- name: Checkout code
uses: actions/checkout@v2
- name: Install dependencies
run: |
sudo add-apt-repository ppa:ubuntu-lxc/daily -y
sudo apt-get install -qq apparmor lxc lxc-dev pkg-config uidmap busybox libdbus-1-dev libseccomp-dev libcap-dev libselinux-dev nftables iptables
- name: Reset all firewalling
run: |
sudo iptables -F
sudo iptables -P INPUT ACCEPT
sudo iptables -P OUTPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo nft flush ruleset
- name: Setup test environment
run: |
# Setup uid/gid and veth allocations
echo "${USER}:100000:65536" | sudo tee /etc/subuid
echo "${USER}:100000:65536" | sudo tee /etc/subgid
echo "${USER} veth lxcbr0 10" | sudo tee -a /etc/lxc/lxc-usernet
# Local user configuration for userns
mkdir -p ~/.config/lxc/
cp /etc/lxc/default.conf ~/.config/lxc/default.conf
echo "lxc.idmap = u 0 100000 65536" | tee -a ~/.config/lxc/default.conf
echo "lxc.idmap = g 0 100000 65536" | tee -a ~/.config/lxc/default.conf
# Allow traversal to the containers
mkdir -p ~/.local/share/lxc
chmod +x ~/ ~/.local ~/.local/share ~/.local/share/lxc
- name: Build the test
run:
go test -c -coverprofile=profile
- name: Unprivileged tests
env:
DOWNLOAD_KEYSERVER: keyserver.ubuntu.com
run: |
# Make all cgroups writable
if [ ! -e /sys/fs/cgroup/cgroup.controllers ]; then
# CGroup 1
for d in /sys/fs/cgroup/*; do
[ -f $d/cgroup.clone_children ] && echo 1 | sudo tee $d/cgroup.clone_children
[ -f $d/cgroup.use_hierarchy ] && echo 1 | sudo tee $d/cgroup.use_hierarchy
sudo mkdir -p $d/lxc-test
sudo chown -R $USER: $d/lxc-test
echo $$ | sudo tee $d/lxc-test/cgroup.procs
done
# Run the unprivileged tests
./go-lxc.test -test.v -test.coverprofile=/tmp/unpriv.out
else
# CGroup 2
sudo mkdir -p /sys/fs/cgroup/lxc-test
sudo chown -R $USER: /sys/fs/cgroup/lxc-test
echo $$ | sudo tee /sys/fs/cgroup/lxc-test/cgroup.procs
# Run the unprivileged tests
systemd-run --unit=go-lxc-test --user --scope -p "Delegate=yes" ./go-lxc.test -test.v -test.coverprofile=/tmp/unpriv.out
fi
- name: Privileged tests
env:
DOWNLOAD_KEYSERVER: keyserver.ubuntu.com
run:
sudo -E ./go-lxc.test -test.v -test.coverprofile=/tmp/priv.out
- name: Code coverage
run: make cover