From 6f1814e161c93d76240ef8304d728506c124cbe7 Mon Sep 17 00:00:00 2001
From: Denis Pynkin <denis.pynkin@collabora.com>
Date: Tue, 26 Feb 2019 16:25:56 +0300
Subject: [PATCH] Set correct user mappings for test of unprivileged containers

An unprivileged container must have correct mappings to share a
device or folder.
Add the 'user' account to the 'disk' group for the device sharing test.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
---
 test-cases/tiny-container-user-basic.yaml          | 5 +++++
 test-cases/tiny-container-user-device-sharing.yaml | 9 +++++++--
 test-cases/tiny-container-user-folder-sharing.yaml | 5 +++++
 3 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/test-cases/tiny-container-user-basic.yaml b/test-cases/tiny-container-user-basic.yaml
index c555881..b978b4e 100644
--- a/test-cases/tiny-container-user-basic.yaml
+++ b/test-cases/tiny-container-user-basic.yaml
@@ -28,6 +28,11 @@ run:
     - sysctl -w kernel.unprivileged_userns_clone=1
     - "# Setup the AppArmor profile for container:"
     - sed s/__NAMESPACE_PLACEHOLDER__/lxc-apertis-tiny-userns/g lxc/lxc-tiny-connectivity-profile-template | apparmor_parser -qr
+    - "# Make sure user have correct mappings for test:"
+    - usermod --add-subuids 1000-1000 user
+    - usermod --add-subuids 100000-165535 user
+    - usermod --add-subgids 1000-1000 user
+    - usermod --add-subgids 100000-165535 user
     - "# Check the basic functionality of container:"
     - sudo -u user -H lavatests/check-tiny-containers -a "$ARCH" -r "$RELEASE" -d "$IMAGE_DATE" -t lxc/lxc-tiny-connectivity --aa-namespace "lxc-apertis-tiny-userns"
 
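Review bot: The added `usermod --add-subuids 1000-1000 user` and `usermod --add-subgids 1000-1000 user` lines hard-code 1000 as the uid and gid of `user`, which nothing in this hunk establishes. If the image ever creates the account with a different id, the delegation would name an id the account does not own, and the identity mapping the test relies on would presumably no longer match. Deriving the value keeps the delegation tied to the account, e.g. `usermod --add-subuids "$(id -u user)-$(id -u user)" user` and the `id -g` equivalent for the subgid line. The same block is repeated in tiny-container-user-device-sharing.yaml and tiny-container-user-folder-sharing.yaml, so the point applies there as well.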
diff --git a/test-cases/tiny-container-user-device-sharing.yaml b/test-cases/tiny-container-user-device-sharing.yaml
index 27dcd54..b76549a 100644
--- a/test-cases/tiny-container-user-device-sharing.yaml
+++ b/test-cases/tiny-container-user-device-sharing.yaml
@@ -33,8 +33,13 @@ run:
     - "# Create the random file and map it to loop0 device on host:"
     - dd if=/dev/urandom of=/var/test.img bs=1M count=1
     - losetup /dev/loop0 /var/test.img
-    - "# Allow user to access the device on host:"
-    - chmod 666 /dev/loop0
+    - "# Make sure user have correct mappings for test:"
+    - usermod --add-subuids 1000-1000 user
+    - usermod --add-subuids 100000-165535 user
+    - usermod --add-subgids 6-6 user
+    - usermod --add-subgids 100000-165535 user
+    - "# Add user to group 'disk' for accessing to '/dev/loop0' device:"
+    - usermod -a -G disk user
     - "# Check that a simple loop device created on the host can be shared with the container and accessed from inside it:"
     - sudo -u user -H lavatests/test-device-sharing -a "$ARCH" -r "$RELEASE" -d "$IMAGE_DATE" -t lxc/lxc-tiny-connectivity --aa-namespace "lxc-apertis-tiny-userns"
     - "# Release the loop0 device on host after the test:"
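Review bot: `usermod -a -G disk user` grants far more than the access to `/dev/loop0` that the comment describes: on a typical Linux system the `disk` group has read/write access to every block device node assigned to it, usually including the one backing the root filesystem, so the unprivileged test account becomes effectively root-equivalent on the host. The membership and the `6-6` subgid delegation are not undone in the visible lines (the run list continues past this hunk), and `6` assumes the Debian gid for `disk`. If the intent is only to exercise a mapped group, a dedicated group that owns just the loop device would keep the grant narrow. At minimum derive the gid with `getent group disk | cut -d: -f3` and drop the membership once the test finishes, e.g. `gpasswd -d user disk`.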
diff --git a/test-cases/tiny-container-user-folder-sharing.yaml b/test-cases/tiny-container-user-folder-sharing.yaml
index f67ff7c..5a16c52 100644
--- a/test-cases/tiny-container-user-folder-sharing.yaml
+++ b/test-cases/tiny-container-user-folder-sharing.yaml
@@ -28,6 +28,11 @@ run:
     - sysctl -w kernel.unprivileged_userns_clone=1
     - "# Setup the AppArmor profile for container:"
     - sed s/__NAMESPACE_PLACEHOLDER__/lxc-apertis-tiny-userns/g lxc/lxc-tiny-connectivity-profile-template | apparmor_parser -qr
+    - "# Make sure user have correct mappings for test:"
+    - usermod --add-subuids 1000-1000 user
+    - usermod --add-subuids 100000-165535 user
+    - usermod --add-subgids 1000-1000 user
+    - usermod --add-subgids 100000-165535 user
     - "# Check that files created in a configured shared folder on the host can be read in the container and vice-versa:"
     - sudo -u user -H lavatests/test-folder-sharing -a "$ARCH" -r "$RELEASE" -d "$IMAGE_DATE" -t lxc/lxc-tiny-connectivity --aa-namespace "lxc-apertis-tiny-userns"
 
-- 
GitLab