
Commit b9666dc

Merge pull request #6636 from nalind/test-overlay-over-overlay
chroot.bats(chroot with overlay root): ensure we can overlay
2 parents b551976 + f830dad commit b9666dc


1 file changed

+33
-4
lines changed


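--- a/tests/chroot.bats
+++ b/tests/chroot.bats
@@ -124,11 +124,24 @@ load helpers
 cp -v ${TEST_SOURCES}/containers.conf ${TEST_SCRATCH_DIR}/containers.conf
 chmod ugo+r ${TEST_SCRATCH_DIR}/containers.conf
 mkdir -p ${TEST_SCRATCH_DIR}/chroot
+${COPY_BINARY} containers-storage:[${STORAGE_DRIVER}@${TEST_SCRATCH_DIR}/root+${TEST_SCRATCH_DIR}/runroot]docker.io/library/busybox:latest dir:${TEST_SCRATCH_DIR}/base-image
 chown -R 1:1 ${TEST_SCRATCH_DIR}/root ${TEST_SCRATCH_DIR}/runroot ${TEST_SCRATCH_DIR}/chroot
+if test ${STORAGE_DRIVER} = overlay ; then
+if test -x /usr/bin/fuse-overlayfs ; then
+local storage_opts="overlay.mount_program=/usr/bin/fuse-overlayfs"
+else
+skip "trying to use overlay on top of overlay, but fuse-overlayfs is not present"
+fi
+fi
+# a script that runs inside of a new mount namespace and mounts the current
+# rootfs as the "lower" for an overlay, then pivots into it
 cat > ${TEST_SCRATCH_DIR}/script1 <<- EOF
 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin${PATH:+:$PATH}
 set -e
 set -x
+if test \$(stat -f -c %T "${TEST_SCRATCH_DIR}/chroot") = overlayfs ; then
+mount -t tmpfs -o size=16M none ${TEST_SCRATCH_DIR}/chroot
+fi
 mkdir -p ${TEST_SCRATCH_DIR}/chroot/workdir
 mkdir -p ${TEST_SCRATCH_DIR}/chroot/upperdir
 mkdir -p ${TEST_SCRATCH_DIR}/chroot/merged
@@ -152,21 +165,34 @@ load helpers
 if test -d /var/tmp; then
 mount --bind /var/tmp ${TEST_SCRATCH_DIR}/chroot/merged/var/tmp
 fi
+mkdir -p ${TEST_SCRATCH_DIR}/chroot/merged/run
+mount -t tmpfs -o size=1024k none ${TEST_SCRATCH_DIR}/chroot/merged/run
+chmod 755 ${TEST_SCRATCH_DIR}/chroot/merged/run
+mkdir -p ${TEST_SCRATCH_DIR}/chroot/merged/run/containers/storage
+chmod 755 ${TEST_SCRATCH_DIR}/chroot/merged/run/containers/storage
+mkdir -p ${TEST_SCRATCH_DIR}/chroot/merged/var/lib/containers/storage
+chmod 755 ${TEST_SCRATCH_DIR}/chroot/merged/var/lib/containers/storage
+chown -R 1:1 ${TEST_SCRATCH_DIR}/chroot/merged/run ${TEST_SCRATCH_DIR}/chroot/merged/var/lib/containers
 mount --bind ${TEST_SCRATCH_DIR} ${TEST_SCRATCH_DIR}/chroot/merged/${TEST_SCRATCH_DIR}
 mkdir -p ${TEST_SCRATCH_DIR}/chroot/merged/usr/local/bin
+chmod 755 ${TEST_SCRATCH_DIR}/chroot/merged/usr/local/bin
 touch ${TEST_SCRATCH_DIR}/chroot/merged/usr/local/bin/buildah
 mount --bind ${BUILDAH_BINARY:-$TEST_SOURCES/../bin/buildah} ${TEST_SCRATCH_DIR}/chroot/merged/usr/local/bin/buildah
 cd ${TEST_SCRATCH_DIR}/chroot/merged
+${COPY_BINARY} --root ${TEST_SCRATCH_DIR}/root --runroot ${TEST_SCRATCH_DIR}/runroot --storage-driver ${STORAGE_DRIVER} ${storage_opts:+--storage-opt ${storage_opts}} dir:${TEST_SCRATCH_DIR}/base-image dir:${TEST_SCRATCH_DIR}/chroot/merged/base-image
 pivot_root . tmp
 mount --make-rslave tmp
 umount -f -l tmp
-mount -o remount,ro --make-rshared /
+mount -o remount --make-rshared /
 grep ' / / ' /proc/self/mountinfo
 # unshare from util-linux 2.39 also accepts INNER:OUTER:SIZE for --map-users
 # and --map-groups, but fedora 37's is too old, so the older OUTER,INNER,SIZE
 # (using commas instead of colons as field separators) will have to do
-unshare --setuid 0 --setgid 0 --map-users=1,0,1024 --map-groups=1,0,1024 -UinCfpm bash ${TEST_SCRATCH_DIR}/script2
+unshare --setuid 0 --setgid 0 --map-users=1,0,1024 --map-users=1025,65534,2 --map-groups=1,0,1024 --map-groups=1025,65534,2 -UinCfpm bash ${TEST_SCRATCH_DIR}/script2
 EOF
+# a script that runs inside of a new user namespace with an unprivileged ID
+# mapped to root, which is expected to be able to run, with the proper
+# configuration options, on top of that overlay filesystem
 cat > ${TEST_SCRATCH_DIR}/script2 <<- EOF
 set -e
 set -x
@@ -175,8 +201,11 @@ EOF
 cat /proc/self/uid_map
 cat /proc/self/gid_map
 mount --make-shared /
-/usr/local/bin/buildah ${BUILDAH_REGISTRY_OPTS} ${ROOTDIR_OPTS} from --name ctrid --pull=never --quiet docker.io/library/busybox
-/usr/local/bin/buildah ${BUILDAH_REGISTRY_OPTS} ${ROOTDIR_OPTS} run --isolation=chroot ctrid pwd
+/usr/local/bin/buildah ${BUILDAH_REGISTRY_OPTS} --root /var/lib/containers/storage --runroot /run/containers/storage --storage-driver ${STORAGE_DRIVER} ${storage_opts:+--storage-opt ${storage_opts}} pull dir:/base-image
+baseID=\$(jq -r .config.digest /base-image/manifest.json)
+/usr/local/bin/buildah ${BUILDAH_REGISTRY_OPTS} --root /var/lib/containers/storage --runroot /run/containers/storage --storage-driver ${STORAGE_DRIVER} ${storage_opts:+--storage-opt ${storage_opts}} tag \${baseID} docker.io/library/busybox
+/usr/local/bin/buildah ${BUILDAH_REGISTRY_OPTS} --root /var/lib/containers/storage --runroot /run/containers/storage --storage-driver ${STORAGE_DRIVER} ${storage_opts:+--storage-opt ${storage_opts}} from --name ctrid --pull=never --quiet docker.io/library/busybox
+/usr/local/bin/buildah ${BUILDAH_REGISTRY_OPTS} --root /var/lib/containers/storage --runroot /run/containers/storage --storage-driver ${STORAGE_DRIVER} ${storage_opts:+--storage-opt ${storage_opts}} run --isolation=chroot ctrid pwd
 EOF
 chmod +x ${TEST_SCRATCH_DIR}
 chmod +rx ${TEST_SCRATCH_DIR}/script1 ${TEST_SCRATCH_DIR}/script2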
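Review bot: In the second hunk the remount of `/` loses its `ro` option (`mount -o remount --make-rshared /`), and neither of the new explanatory comments says why the pivoted root must now be writable. The likely reason, inferred from the visible lines, is that script2 now gives buildah `--root /var/lib/containers/storage` on that overlay root instead of `${ROOTDIR_OPTS}`; that should be stated next to the remount. I would add a comment above it such as `# root is left writable: buildah's storage now lives on this overlay, so writes land in the upperdir`, after confirming that the upperdir and the existing bind mounts are the only places writes can reach. The overlay mount itself sits in the part of script1 between the first two hunks and is not visible here, so the claim about where writes land cannot be checked from this page.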
