lxc-test-unpriv revision e6ccd90bb2b693cf3a77f2d50648b98d3400f5c3
d08363afbb40a7a8f579fe1ce60e40ffeaee5959Serge Hallyn#!/bin/bash
d08363afbb40a7a8f579fe1ce60e40ffeaee5959Serge Hallyn
d08363afbb40a7a8f579fe1ce60e40ffeaee5959Serge Hallyn# lxc: linux Container library
d08363afbb40a7a8f579fe1ce60e40ffeaee5959Serge Hallyn
d08363afbb40a7a8f579fe1ce60e40ffeaee5959Serge Hallyn# Authors:
d08363afbb40a7a8f579fe1ce60e40ffeaee5959Serge Hallyn# Serge Hallyn <serge.hallyn@ubuntu.com>
d08363afbb40a7a8f579fe1ce60e40ffeaee5959Serge Hallyn#
d08363afbb40a7a8f579fe1ce60e40ffeaee5959Serge Hallyn# This is a test script for unprivileged containers
d08363afbb40a7a8f579fe1ce60e40ffeaee5959Serge Hallyn
d08363afbb40a7a8f579fe1ce60e40ffeaee5959Serge Hallyn# This library is free software; you can redistribute it and/or
d08363afbb40a7a8f579fe1ce60e40ffeaee5959Serge Hallyn# modify it under the terms of the GNU Lesser General Public
d08363afbb40a7a8f579fe1ce60e40ffeaee5959Serge Hallyn# License as published by the Free Software Foundation; either
d08363afbb40a7a8f579fe1ce60e40ffeaee5959Serge Hallyn# version 2.1 of the License, or (at your option) any later version.
d08363afbb40a7a8f579fe1ce60e40ffeaee5959Serge Hallyn
d08363afbb40a7a8f579fe1ce60e40ffeaee5959Serge Hallyn# This library is distributed in the hope that it will be useful,
d08363afbb40a7a8f579fe1ce60e40ffeaee5959Serge Hallyn# but WITHOUT ANY WARRANTY; without even the implied warranty of
d08363afbb40a7a8f579fe1ce60e40ffeaee5959Serge Hallyn# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
d08363afbb40a7a8f579fe1ce60e40ffeaee5959Serge Hallyn# Lesser General Public License for more details.
d08363afbb40a7a8f579fe1ce60e40ffeaee5959Serge Hallyn
d08363afbb40a7a8f579fe1ce60e40ffeaee5959Serge Hallyn# You should have received a copy of the GNU Lesser General Public
d08363afbb40a7a8f579fe1ce60e40ffeaee5959Serge Hallyn# License along with this library; if not, write to the Free Software
d08363afbb40a7a8f579fe1ce60e40ffeaee5959Serge Hallyn# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
d08363afbb40a7a8f579fe1ce60e40ffeaee5959Serge Hallyn
# The test creates a user and edits files under /etc, so it only runs as root.
if [ "$(id -u)" -ne 0 ]; then
	echo 'run as root'
	exit 1
fi

# Bail out early when the newuidmap helper is not installed.
if ! which newuidmap >/dev/null 2>&1; then
	echo "'newuidmap' command is missing" >&2
	exit 1
fi

# Set to 1 once every step has succeeded; cleanup reports FAIL while it is 0.
DONE=0
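# cleanup: handler for EXIT and for SIGHUP/SIGINT/SIGTERM.
# Stops container c1, kills the test user's remaining processes, removes the
# test user's lines from the LXC nic/usernet files and from /etc/subuid and
# /etc/subgid, deletes its home and runtime directories and the account
# itself, then prints FAIL and exits 1 unless DONE is 1, in which case it
# prints PASS.
# Reads the globals TUSER, HDIR and DONE; calls run_cmd.
cleanup() {
	local uid

	cd

	run_cmd lxc-stop -n c1 -k

	# Resolve the uid once and tolerate a missing account. Expanded inline
	# and unquoted, a failed lookup would leave "-9" as pkill's -u argument
	# and the bare /run/user/ directory as an "rm -Rf" target.
	uid=$(id -u "$TUSER" 2>/dev/null) || uid=""
	if [ -n "$uid" ]; then
		pkill -u "$uid" -9
	fi

	sed -i '/lxcunpriv/d' /var/run/lxc/nics /etc/lxc/lxc-usernet
	sed -i '/^lxcunpriv:/d' /etc/subuid /etc/subgid

	rm -Rf "$HDIR"
	if [ -n "$uid" ]; then
		rm -Rf "/run/user/$uid"
	fi

	deluser "$TUSER"

	if [ "$DONE" -eq 0 ]; then
		echo "FAIL"
		exit 1
	fi
	echo "PASS"
}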
73d3e0903c728d5fdc4591c5d7cd157004461230Stéphane Graber
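# run_cmd: run the given command as the test user $TUSER through a sudo login
# shell (-i), with XDG_RUNTIME_DIR set to /run/user/<uid of $TUSER>.
# http_proxy is forwarded only when the caller has it set to a non-empty
# value. Returns sudo's exit status.
run_cmd() {
	# Never empty, so expanding the array is safe under "set -u".
	local -a envargs=("XDG_RUNTIME_DIR=/run/user/$(id -u "$TUSER")")

	if [ -n "${http_proxy:-}" ]; then
		envargs=("http_proxy=$http_proxy" "${envargs[@]}")
	fi

	# "$@" hands every argument to sudo as its own word; an unquoted $*
	# would re-split arguments and glob-expand them in root's shell first.
	sudo -i -u "$TUSER" env "${envargs[@]}" "$@"
}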
d08363afbb40a7a8f579fe1ce60e40ffeaee5959Serge Hallyn
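# create a test user
TUSER=lxcunpriv
HDIR=/home/$TUSER

# Install the handler before errexit is enabled, so that any later failing
# step still runs cleanup on the way out.
trap cleanup EXIT SIGHUP SIGINT SIGTERM
set -eu

# Drop an account and home directory left over from an earlier run.
deluser "$TUSER" && rm -Rf "$HDIR" || true
useradd "$TUSER"

# Look the uid up once. Under errexit a failed lookup stops the script here
# instead of expanding to nothing in the /run/user paths used below.
TUID=$(id -u "$TUSER")

mkdir -p "$HDIR"

# Allow the test user two veth devices on lxcbr0. Stale lines for the user are
# removed and the new one appended, so quota lines belonging to other users
# survive the test (a plain ">" redirect truncates the file).
if [ -f /etc/lxc/lxc-usernet ]; then
	sed -i '/lxcunpriv/d' /etc/lxc/lxc-usernet
fi
echo "$TUSER veth lxcbr0 2" >> /etc/lxc/lxc-usernet
sed -i '/^lxcunpriv:/d' /etc/subuid /etc/subgid

# Delegate subordinate uids and gids 910000-919999 to the test user.
usermod -v 910000-919999 -w 910000-919999 "$TUSER"

# Per-user LXC defaults: veth networking on lxcbr0 and an id map of 9999 ids
# starting at 910000, which lies inside the range delegated above.
mkdir -p "$HDIR/.config/lxc/"
cat > "$HDIR/.config/lxc/default.conf" << EOF
lxc.network.type = veth
lxc.network.link = lxcbr0
lxc.id_map = u 0 910000 9999
lxc.id_map = g 0 910000 9999
EOF
chown -R "$TUSER" "$HDIR"

# Runtime directory that run_cmd exports as XDG_RUNTIME_DIR.
mkdir -p "/run/user/$TUID"
chown -R "$TUSER" "/run/user/$TUID"

cd "$HDIR"

# In every entry under /sys/fs/cgroup, create an lxctest group owned by the
# test user and move this shell into it.
for d in /sys/fs/cgroup/*; do
	if [ ! -d "$d/lxctest" ]; then
		mkdir "$d/lxctest"
	fi
	chown -R "$TUSER" "$d/lxctest"
	echo $$ > "$d/lxctest/tasks"
done

# Create container c1 from the download template (ubuntu, trusty, i386) and
# start it in the background, all as the unprivileged user.
run_cmd lxc-create -t download -n c1 -- -d ubuntu -r trusty -a i386
run_cmd lxc-start -n c1 -d

# lxc-info -p -H output of "-1" is treated as "container not running"; the
# trailing "false" trips errexit and therefore the cleanup trap.
p1=$(run_cmd lxc-info -n c1 -p -H)
[ "$p1" != "-1" ] || { echo "Failed to start container c1"; false; }

run_cmd lxc-info -n c1
run_cmd lxc-attach -n c1 -- /bin/true

# Every step succeeded: let cleanup report PASS.
DONE=1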