Set correct user mappings for test of unprivileged containers

Unprivileged container must to have a correct mappings to share the device or folder. Add 'user' user into 'disk' group for device sharing test. Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>

Set correct user mappings for test of unprivileged containers
Unprivileged container must to have a correct mappings to share the device or folder. Add 'user' user into 'disk' group for device sharing test. Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
6f1814e1 · Denis Pynkin · Denis Pynkin · 3b9cc5e0 · 6f1814e1 · 6f1814e1
Commit 6f1814e1 authored 6 years ago by Denis Pynkin Committed by Denis Pynkin 6 years ago
--- a/test-cases/tiny-container-user-basic.yaml
+++ b/test-cases/tiny-container-user-basic.yaml
@@ -28,6 +28,11 @@ run:
    - sysctl -w kernel.unprivileged_userns_clone=1
    - "# Setup the AppArmor profile for container:"
    - sed s/__NAMESPACE_PLACEHOLDER__/lxc-apertis-tiny-userns/g lxc/lxc-tiny-connectivity-profile-template | apparmor_parser -qr
+    - "# Make sure user have correct mappings for test:"
+    - usermod --add-subuids 1000-1000 user
+    - usermod --add-subuids 100000-165535 user
+    - usermod --add-subgids 1000-1000 user
+    - usermod --add-subgids 100000-165535 user
    - "# Check the basic functionality of container:"
    - sudo -u user -H lavatests/check-tiny-containers -a "$ARCH" -r "$RELEASE" -d "$IMAGE_DATE" -t lxc/lxc-tiny-connectivity --aa-namespace "lxc-apertis-tiny-userns"


--- a/test-cases/tiny-container-user-device-sharing.yaml
+++ b/test-cases/tiny-container-user-device-sharing.yaml
@@ -33,8 +33,13 @@ run:
    - "# Create the random file and map it to loop0 device on host:"
    - dd if=/dev/urandom of=/var/test.img bs=1M count=1
    - losetup /dev/loop0 /var/test.img
-    - "# Allow user to access the device on host:"
-    - chmod 666 /dev/loop0
+    - "# Make sure user have correct mappings for test:"
+    - usermod --add-subuids 1000-1000 user
+    - usermod --add-subuids 100000-165535 user
+    - usermod --add-subgids 6-6 user
+    - usermod --add-subgids 100000-165535 user
+    - "# Add user to group 'disk' for accessing to '/dev/loop0' device:"
+    - usermod -a -G disk user
    - "# Check that a simple loop device created on the host can be shared with the container and accessed from inside it:"
    - sudo -u user -H lavatests/test-device-sharing -a "$ARCH" -r "$RELEASE" -d "$IMAGE_DATE" -t lxc/lxc-tiny-connectivity --aa-namespace "lxc-apertis-tiny-userns"
    - "# Release the loop0 device on host after the test:"

--- a/test-cases/tiny-container-user-folder-sharing.yaml
+++ b/test-cases/tiny-container-user-folder-sharing.yaml
@@ -28,6 +28,11 @@ run:
    - sysctl -w kernel.unprivileged_userns_clone=1
    - "# Setup the AppArmor profile for container:"
    - sed s/__NAMESPACE_PLACEHOLDER__/lxc-apertis-tiny-userns/g lxc/lxc-tiny-connectivity-profile-template | apparmor_parser -qr
+    - "# Make sure user have correct mappings for test:"
+    - usermod --add-subuids 1000-1000 user
+    - usermod --add-subuids 100000-165535 user
+    - usermod --add-subgids 1000-1000 user
+    - usermod --add-subgids 100000-165535 user
    - "# Check that files created in a configured shared folder on the host can be read in the container and vice-versa:"
    - sudo -u user -H lavatests/test-folder-sharing -a "$ARCH" -r "$RELEASE" -d "$IMAGE_DATE" -t lxc/lxc-tiny-connectivity --aa-namespace "lxc-apertis-tiny-userns"