
Commit 2ed4845

committed
chroot.bats(chroot with overlay root): ensure we can overlay
When setting up a chroot using overlay, if the intended upper directory is already on an overlayfs, mount a tmpfs onto it so that we can finish setting up the chroot that's an overlayfs that we'll actually test in, and copy the base image into the storage that it'll use. Signed-off-by: Nalin Dahyabhai <[email protected]>
1 parent 7574fe2 commit 2ed4845


1 file changed

+33
-4
lines changed


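--- a/tests/chroot.bats
+++ b/tests/chroot.bats
@@ -124,11 +124,24 @@ load helpers
 cp -v ${TEST_SOURCES}/containers.conf ${TEST_SCRATCH_DIR}/containers.conf
 chmod ugo+r ${TEST_SCRATCH_DIR}/containers.conf
 mkdir -p ${TEST_SCRATCH_DIR}/chroot
+${COPY_BINARY} containers-storage:[${STORAGE_DRIVER}@${TEST_SCRATCH_DIR}/root+${TEST_SCRATCH_DIR}/runroot]docker.io/library/busybox:latest dir:${TEST_SCRATCH_DIR}/base-image
 chown -R 1:1 ${TEST_SCRATCH_DIR}/root ${TEST_SCRATCH_DIR}/runroot ${TEST_SCRATCH_DIR}/chroot
+if test ${STORAGE_DRIVER} = overlay ; then
+if test -x /usr/bin/fuse-overlayfs ; then
+local storage_opts="overlay.mount_program=/usr/bin/fuse-overlayfs"
+else
+skip trying to use overlay on top of overlay, but fuse-overlayfs is not present
+fi
+fi
+# a script that runs inside of a new mount namespace and mounts the current
+# rootfs as the "lower" for an overlay, then pivots into it
 cat > ${TEST_SCRATCH_DIR}/script1 <<- EOF
 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin${PATH:+:$PATH}
 set -e
 set -x
+if test \$(stat -f -c %T "${TEST_SCRATCH_DIR}/chroot") = overlayfs ; then
+mount -t tmpfs -o size=16M none ${TEST_SCRATCH_DIR}/chroot
+fi
 mkdir -p ${TEST_SCRATCH_DIR}/chroot/workdir
 mkdir -p ${TEST_SCRATCH_DIR}/chroot/upperdir
 mkdir -p ${TEST_SCRATCH_DIR}/chroot/merged
@@ -152,21 +165,34 @@ load helpers
 if test -d /var/tmp; then
 mount --bind /var/tmp ${TEST_SCRATCH_DIR}/chroot/merged/var/tmp
 fi
+mkdir -p ${TEST_SCRATCH_DIR}/chroot/merged/run
+mount -t tmpfs -o size=1024k none ${TEST_SCRATCH_DIR}/chroot/merged/run
+chmod 755 ${TEST_SCRATCH_DIR}/chroot/merged/run
+mkdir -p ${TEST_SCRATCH_DIR}/chroot/merged/run/containers/storage
+chmod 755 ${TEST_SCRATCH_DIR}/chroot/merged/run/containers/storage
+mkdir -p ${TEST_SCRATCH_DIR}/chroot/merged/var/lib/containers/storage
+chmod 755 ${TEST_SCRATCH_DIR}/chroot/merged/var/lib/containers/storage
+chown -R 1:1 ${TEST_SCRATCH_DIR}/chroot/merged/run ${TEST_SCRATCH_DIR}/chroot/merged/var/lib/containers
 mount --bind ${TEST_SCRATCH_DIR} ${TEST_SCRATCH_DIR}/chroot/merged/${TEST_SCRATCH_DIR}
 mkdir -p ${TEST_SCRATCH_DIR}/chroot/merged/usr/local/bin
+chmod 755 ${TEST_SCRATCH_DIR}/chroot/merged/usr/local/bin
 touch ${TEST_SCRATCH_DIR}/chroot/merged/usr/local/bin/buildah
 mount --bind ${BUILDAH_BINARY:-$TEST_SOURCES/../bin/buildah} ${TEST_SCRATCH_DIR}/chroot/merged/usr/local/bin/buildah
 cd ${TEST_SCRATCH_DIR}/chroot/merged
+${COPY_BINARY} --root ${TEST_SCRATCH_DIR}/root --runroot ${TEST_SCRATCH_DIR}/runroot --storage-driver ${STORAGE_DRIVER} ${storage_opts:+--storage-opt ${storage_opts}} dir:${TEST_SCRATCH_DIR}/base-image dir:${TEST_SCRATCH_DIR}/chroot/merged/base-image
 pivot_root . tmp
 mount --make-rslave tmp
 umount -f -l tmp
-mount -o remount,ro --make-rshared /
+mount -o remount --make-rshared /
 grep ' / / ' /proc/self/mountinfo
 # unshare from util-linux 2.39 also accepts INNER:OUTER:SIZE for --map-users
 # and --map-groups, but fedora 37's is too old, so the older OUTER,INNER,SIZE
 # (using commas instead of colons as field separators) will have to do
-unshare --setuid 0 --setgid 0 --map-users=1,0,1024 --map-groups=1,0,1024 -UinCfpm bash ${TEST_SCRATCH_DIR}/script2
+unshare --setuid 0 --setgid 0 --map-users=1,0,1024 --map-users=1025,65534,2 --map-groups=1,0,1024 --map-groups=1025,65534,2 -UinCfpm bash ${TEST_SCRATCH_DIR}/script2
 EOF
+# a script that runs inside of a new user namespace with an unprivileged ID
+# mapped to root, which is expected to be able to run, with the proper
+# configuration options, on top of that overlay filesystem
 cat > ${TEST_SCRATCH_DIR}/script2 <<- EOF
 set -e
 set -x
@@ -175,8 +201,11 @@ EOF
 cat /proc/self/uid_map
 cat /proc/self/gid_map
 mount --make-shared /
-/usr/local/bin/buildah ${BUILDAH_REGISTRY_OPTS} ${ROOTDIR_OPTS} from --name ctrid --pull=never --quiet docker.io/library/busybox
-/usr/local/bin/buildah ${BUILDAH_REGISTRY_OPTS} ${ROOTDIR_OPTS} run --isolation=chroot ctrid pwd
+/usr/local/bin/buildah ${BUILDAH_REGISTRY_OPTS} --root /var/lib/containers/storage --runroot /run/containers/storage --storage-driver ${STORAGE_DRIVER} ${storage_opts:+--storage-opt ${storage_opts}} pull dir:/base-image
+baseID=\$(jq -r .config.digest /base-image/manifest.json)
+/usr/local/bin/buildah ${BUILDAH_REGISTRY_OPTS} --root /var/lib/containers/storage --runroot /run/containers/storage --storage-driver ${STORAGE_DRIVER} ${storage_opts:+--storage-opt ${storage_opts}} tag \${baseID} docker.io/library/busybox
+/usr/local/bin/buildah ${BUILDAH_REGISTRY_OPTS} --root /var/lib/containers/storage --runroot /run/containers/storage --storage-driver ${STORAGE_DRIVER} ${storage_opts:+--storage-opt ${storage_opts}} from --name ctrid --pull=never --quiet docker.io/library/busybox
+/usr/local/bin/buildah ${BUILDAH_REGISTRY_OPTS} --root /var/lib/containers/storage --runroot /run/containers/storage --storage-driver ${STORAGE_DRIVER} ${storage_opts:+--storage-opt ${storage_opts}} run --isolation=chroot ctrid pwd
 EOF
 chmod +x ${TEST_SCRATCH_DIR}
 chmod +rx ${TEST_SCRATCH_DIR}/script1 ${TEST_SCRATCH_DIR}/script2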
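Review bot: The remount of the pivoted root in script1 (second hunk) silently drops `ro`, so the filesystem the nested buildah runs on is now left writable where the test previously pinned it read-only, and nothing in the hunk records why; a comment above `mount -o remount --make-rshared /` such as `# root must stay writable: script2's buildah writes to /var/lib/containers/storage and /run/containers/storage set up above` would keep the next reader from restoring `ro`, assuming those writes are the reason (they are the only new writers visible in the hunk). In the first hunk the `skip` reason is passed as unquoted words, and bats takes the reason from its first argument alone, so the recorded reason collapses to `trying`; `skip "trying to use overlay on top of overlay, but fuse-overlayfs is not present"` preserves the message. Both points sit inside a @test function that begins before the first hunk and ends after the last.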
