nspawn: unconditionally enable FUSE and use FOREACH_ARRAY() (#36407)

- FUSE is unconditionally enabled in the container, as our kernel
  baseline (v5.4) supports userns-safe FUSE, which the kernel has had since v4.18.
- Create /dev/net/tun only when it is accessible.
- Replaces several loops with FOREACH_ARRAY().
This commit is contained in:
Yu Watanabe
2025-02-19 02:09:58 +09:00
committed by GitHub
7 changed files with 74 additions and 211 deletions


@@ -1231,31 +1231,16 @@ testcase_unpriv_fuse() {
}
test_tun() {
local expect=${1?}
local exists=${2?}
local command command_exists command_not_exists
shift 2
command_exists='[[ -c /dev/net/tun ]]; [[ "$(stat /dev/net/tun --format=%u)" == 0 ]]; [[ "$(stat /dev/net/tun --format=%g)" == 0 ]]'
command_not_exists='[[ ! -e /dev/net/tun ]]'
if [[ "$exists" == 0 ]]; then
command="$command_not_exists"
else
command="$command_exists"
fi
systemd-nspawn "$@" bash -xec "$command_exists"
systemd-nspawn "$@" bash -xec '[[ -c /dev/net/tun ]]; [[ "$(stat /dev/net/tun --format=%u)" == 0 ]]; [[ "$(stat /dev/net/tun --format=%g)" == 0 ]]'
# check if the owner of the host device is unchanged, see issue #34243.
[[ "$(stat /dev/net/tun --format=%u)" == 0 ]]
[[ "$(stat /dev/net/tun --format=%g)" == 0 ]]
# Without DeviceAllow= for /dev/net/tun, see issue #35116.
assert_rc \
"$expect" \
systemd-run --wait -p Environment=SYSTEMD_LOG_LEVEL=debug -p DevicePolicy=closed -p DeviceAllow="char-pts rw" \
systemd-nspawn "$@" bash -xec "$command"
systemd-run \
--wait -p Environment=SYSTEMD_LOG_LEVEL=debug -p DevicePolicy=closed -p DeviceAllow="char-pts rw" \
systemd-nspawn "$@" bash -xec '[[ ! -e /dev/net/tun ]]'
[[ "$(stat /dev/net/tun --format=%u)" == 0 ]]
[[ "$(stat /dev/net/tun --format=%g)" == 0 ]]
@@ -1272,12 +1257,12 @@ testcase_dev_net_tun() {
root="$(mktemp -d /var/lib/machines/TEST-13-NSPAWN.tun.XXX)"
create_dummy_container "$root"
test_tun 0 1 --ephemeral --directory="$root" --private-users=no
test_tun 0 1 --ephemeral --directory="$root" --private-users=yes
test_tun 0 0 --ephemeral --directory="$root" --private-users=pick
test_tun 0 1 --ephemeral --directory="$root" --private-users=no --private-network
test_tun 0 1 --ephemeral --directory="$root" --private-users=yes --private-network
test_tun 1 0 --ephemeral --directory="$root" --private-users=pick --private-network
test_tun --ephemeral --directory="$root" --private-users=no
test_tun --ephemeral --directory="$root" --private-users=yes
test_tun --ephemeral --directory="$root" --private-users=pick
test_tun --ephemeral --directory="$root" --private-users=no --private-network
test_tun --ephemeral --directory="$root" --private-users=yes --private-network
test_tun --ephemeral --directory="$root" --private-users=pick --private-network
rm -fr "$root"
}
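Review bot: The host-side regression checks after each systemd-nspawn run (the `stat /dev/net/tun --format=%u` / `%g` lines in test_tun) only pin the owner and group, so a regression that rewrites the host node's mode or device numbers would still pass; since the guard exists precisely because nspawn once touched the host device (issue #34243), it seems worth snapshotting the full identity before the first run and comparing it afterwards, e.g. `local host_dev; host_dev=$(stat --format=%u:%g:%a:%t:%T /dev/net/tun)` up front and `[[ "$(stat --format=%u:%g:%a:%t:%T /dev/net/tun)" == "$host_dev" ]]` in place of the two separate uid/gid tests. As a point of style, the in-container probe that is now inlined as one long single-quoted string (`'[[ -c /dev/net/tun ]]; [[ "$(stat ...)" == 0 ]]; ...'`) would read more easily kept in a `local` as the removed `command_exists` was, which also makes a later mode check a one-place change. These are suggestions inferred from the visible lines; the body of test_tun continues past the end of the first hunk, and testcase_dev_net_tun starts outside the second.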