Skip to content
Snippets Groups Projects

Add test cases for Tiny containers

Merged Denis Pynkin requested to merge wip/d4s/T5571 into apertis/v2019dev0

Split check-tiny-*-container test case and add some new tests:

  • basic functionality
  • folder mapping
  • device mapping
  • AppArmor enforcement
  • AppArmot connectivity profile
  • custom seccomp policy

Test: https://lava.collabora.co.uk/scheduler/job/1525149 (aa_embedded* were failed since tarball not includes bin.dbus-daemon aa profile yet)

Merge request reports

Loading
Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
  • Almost looks good to me, but you mention aa_embedded* which I guess was aa_enforcement You also have the failures below: https://lava.collabora.co.uk/results/1525149/9_lxc-user-container-connectivity-profile https://lava.collabora.co.uk/results/1525149/8_lxc-system-container-connectivity-profile Is this also related? It does not seem so imho

    Edited by Frédéric Dalleau
  • Author Maintainer

    nope. aa_embedded* are the test of load/unload embedded profile inside of containers. the name of the test file comes from the task, I'm unsure but that case it have sense to rename the file instead of the test.

    The failure is expected -- we need to cleanup tiny container's rootfs -- at the moment it contains unexpected directories.

  • Denis Pynkin added 9 commits

    added 9 commits

    • f65d7528 - 1 commit from branch apertis/v2019dev0
    • bb704fee - Add mapping tests for tiny containers
    • 3cdb7248 - Remove unneeded deps from container tests
    • 3b9cc5e0 - Split check-tiny-*-container testcase
    • 6f1814e1 - Set correct user mappings for test of unprivileged containers
    • 06ce3119 - Add Tiny containers AppArmor test
    • 325a867b - Add test cases for Tiny container AppArmor enforcement
    • 4cc61e83 - Target the apertis/v2019dev0 branches
    • 31e2acc7 - Add cases for Tiny container seccomp testing

    Compare with previous version

  • Ok after some discussions, the image contains new directories

    touch /home/aa-test-file unexpected pass.
    mkdir /home/aa-test-folder unexpected pass.
    touch /media/aa-test-file unexpected pass.
    mkdir /media/aa-test-folder unexpected pass.
    touch /mnt/aa-test-file unexpected pass.
    mkdir /mnt/aa-test-folder unexpected pass.
    touch /root/aa-test-file unexpected pass.
    mkdir /root/aa-test-folder unexpected pass.
    touch /script/aa-test-file unexpected pass.
    mkdir /script/aa-test-folder unexpected pass.

    /home|/media|/mnt|/root were added as part of rfs+sysroot change. /script is a residue from the debos process and is present on all images. It makes sense to keep the test-connectivity-profile test as pristine as possible and try to fix the root causes.

Please register or sign in to reply
Loading