;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2015 David Thompson ;;; Copyright © 2016, 2017, 2019 Ludovic Courtès ;;; ;;; This file is part of GNU Guix. ;;; ;;; GNU Guix is free software; you can redistribute it and/or modify it ;;; under the terms of the GNU General Public License as published by ;;; the Free Software Foundation; either version 3 of the License, or (at ;;; your option) any later version. ;;; ;;; GNU Guix is distributed in the hope that it will be useful, but ;;; WITHOUT ANY WARRANTY; without even the implied warranty of ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ;;; GNU General Public License for more details. ;;; ;;; You should have received a copy of the GNU General Public License ;;; along with GNU Guix. If not, see . (define-module (test-containers) #:use-module (guix utils) #:use-module (guix build syscalls) #:use-module (gnu build linux-container) #:use-module ((gnu system linux-container) #:select (eval/
aboutsummaryrefslogtreecommitdiff
blob: 5ce57915f0281ee1e782412375aa7867e06b1e1a (about) (plain)
1
2
3
4
5
6
7
8
9
10
11
#!@SHELL@
# A shorthand for "guix authenticate", for use by the daemon.

if test "x$GUIX_UNINSTALLED" = "x"
then
    prefix="@prefix@"
    exec_prefix="@exec_prefix@"
    exec "@bindir@/guix" authenticate "$@"
else
    exec guix authenticate "$@"
fi
.gnu.org/23306>. (catch 'system-error (lambda () (call-with-container (list (file-system (device "/does-not-exist") (mount-point "/foo") (type "none") (flags '(bind-mount)) (check? #f))) (const #t) #:namespaces '(user mnt))) (lambda args (list 'system-error (system-error-errno args))))) (skip-if-unsupported) (test-assert "call-with-container, all namespaces" (zero? (call-with-container '() (lambda () (primitive-exit 0))))) (skip-if-unsupported) (test-assert "container-excursion" (call-with-temporary-directory (lambda (root) ;; Two pipes: One for the container to signal that the test can begin, ;; and one for the parent to signal to the container that the test is ;; over. (match (list (pipe) (pipe)) (((start-in . start-out) (end-in . end-out)) (define (container) (close end-out) (close start-in) ;; Signal for the test to start. (write 'ready start-out) (close start-out) ;; Wait for test completion. (read end-in) (close end-in)) (define (namespaces pid) (let ((pid (number->string pid))) (map (lambda (ns) (readlink (string-append "/proc/" pid "/ns/" ns))) '("user" "ipc" "uts" "net" "pid" "mnt")))) (let* ((pid (run-container root '() %namespaces 1 container)) (container-namespaces (namespaces pid)) (result (begin (close start-out) ;; Wait for container to be ready. (read start-in) (close start-in) (container-excursion pid (lambda () ;; Fork again so that the pid is within the context of ;; the joined pid namespace instead of the original pid ;; namespace. (match (primitive-fork) (0 ;; Check that all of the namespace identifiers are ;; the same as the container process. (assert-exit (equal? container-namespaces (namespaces (getpid))))) (fork-pid (match (waitpid fork-pid) ((_ . status) (primitive-exit (status:exit-val status))))))))))) (close end-in) ;; Stop the container. (write 'done end-out) (close end-out) (waitpid pid) (zero? result))))))) (skip-if-unsupported) (test-equal "container-excursion, same namespaces" 42 ;; The parent and child are in the same namespaces. 'container-excursion' ;; should notice that and avoid calling 'setns' since that would fail. (container-excursion (getpid) (lambda () (primitive-exit 42)))) (skip-if-unsupported) (test-assert "container-excursion*" (call-with-temporary-directory (lambda (root) (define (namespaces pid) (let ((pid (number->string pid))) (map (lambda (ns) (readlink (string-append "/proc/" pid "/ns/" ns))) '("user" "ipc" "uts" "net" "pid" "mnt")))) (let* ((pid (run-container root '() %namespaces 1 (lambda () (sleep 100)))) (expected (namespaces pid)) (result (container-excursion* pid (lambda () (namespaces 1))))) (kill pid SIGKILL) (equal? result expected))))) (skip-if-unsupported) (test-equal "container-excursion*, same namespaces" 42 (container-excursion* (getpid) (lambda () (* 6 7)))) (skip-if-unsupported) (test-equal "eval/container, exit status" 42 (let* ((store (open-connection-for-tests)) (status (run-with-store store (eval/container #~(exit 42))))) (close-connection store) (status:exit-val status))) (skip-if-unsupported) (test-assert "eval/container, writable user mapping" (call-with-temporary-directory (lambda (directory) (define store (open-connection-for-tests)) (define result (string-append directory "/r")) (define requisites* (store-lift requisites)) (call-with-output-file result (const #t)) (run-with-store store (mlet %store-monad ((status (eval/container #~(begin (use-modules (ice-9 ftw)) (call-with-output-file "/result" (lambda (port) (write (scandir #$(%store-prefix)) port)))) #:mappings (list (file-system-mapping (source result) (target "/result") (writable? #t))))) (reqs (requisites* (list (derivation->output-path (%guile-for-build)))))) (close-connection store) (return (and (zero? (pk 'status status)) (lset= string=? (cons* "." ".." (map basename reqs)) (pk (call-with-input-file result read)))))))))) (skip-if-unsupported) (test-assert "eval/container, non-empty load path" (call-with-temporary-directory (lambda (directory) (define store (open-connection-for-tests)) (define result (string-append directory "/r")) (define requisites* (store-lift requisites)) (mkdir result) (run-with-store store (mlet %store-monad ((status (eval/container (with-imported-modules '((guix build utils)) #~(begin (use-modules (guix build utils)) (mkdir-p "/result/a/b/c"))) #:mappings (list (file-system-mapping (source result) (target "/result") (writable? #t)))))) (close-connection store) (return (and (zero? status) (file-is-directory? (string-append result "/a/b/c"))))))))) (test-end)