author: Ludovic Courtès <[email protected]> 2025-01-22 23:48:14 +0100
committer: Ludovic Courtès <[email protected]> 2025-03-26 17:57:44 +0100
commit: 2f65438eba584c5c0181af917445bb6025d3d0c8
tree: fa48bad3063e290a20634cdb0bfa5f218ec2408c /build-aux
parent: f854095b6ffb6ed86c8a66126825b7d41b5ccf96
tests: Run in a chroot and unprivileged user namespaces.

* build-aux/test-env.in: Pass ‘--disable-chroot’ only when unprivileged
user namespace support is lacking and warn in that case.
* tests/store.scm ("build-things, check mode"): Use ‘gettimeofday’
rather than a shared file as a source of entropy.
("symlink is symlink")
("isolated environment", "inputs are read-only")
("inputs cannot be remounted read-write")
("build root cannot be made world-readable")
("/tmp, store, and /dev/{null,full} are writable")
("network is unreachable"): New tests.
* tests/processes.scm ("client + lock"): Skip when
‘unprivileged-user-namespace-supported?’ returns true.

Change-Id: I3b3c3ebdf6db5fd36ee70251d07b893c17ca1b84

Diffstat (limited to 'build-aux')
-rw-r--r-- build-aux/test-env.in 18
1 files changed, 16 insertions, 2 deletions
diff --git a/build-aux/test-env.in b/build-aux/test-env.in
index 9caa29da58..86c2e585d7 100644
--- a/build-aux/test-env.in
+++ b/build-aux/test-env.in
@@ -1,7 +1,7 @@
#!/bin/sh
# GNU Guix --- Functional package management for GNU
-# Copyright © 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2021 Ludovic Courtès <[email protected]>
+# Copyright © 2012-2019, 2021, 2025 Ludovic Courtès <[email protected]>
#
# This file is part of GNU Guix.
#
@@ -102,10 +102,24 @@ then
rm -rf "$GUIX_STATE_DIRECTORY/daemon-socket"
mkdir -m 0700 "$GUIX_STATE_DIRECTORY/daemon-socket"
+ # If unprivileged user namespaces are not supported, pass
+ # '--disable-chroot'.
+ if [ -f /proc/self/ns/user ] \
+ && { [ ! -f /proc/sys/kernel/unprivileged_userns_clone ] \
+ || [ "$(cat /proc/sys/kernel/unprivileged_userns_clone)" -eq 1 ]; }
+ then
+ extra_options=""
+ else
+ extra_options="--disable-chroot"
+ echo "unprivileged user namespaces not supported; \
+running 'guix-daemon $extra_options'" >&2
+ fi
+
# Launch the daemon without chroot support because is may be
# unavailable, for instance if we're not running as root.
"@abs_top_builddir@/pre-inst-env" \
- "@abs_top_builddir@/guix-daemon" --disable-chroot \
+ "@abs_top_builddir@/guix-daemon" \
+ $extra_options \
--substitute-urls="$GUIX_BINARY_SUBSTITUTE_URL" &
daemon_pid=$!
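
Review bot: The comment kept as context above the daemon invocation ("Launch the daemon without chroot support because is may be unavailable, for instance if we're not running as root.") no longer matches the code, since '--disable-chroot' is now passed only from the else branch through $extra_options. Please reword it to say that the chroot is disabled only when unprivileged user namespaces are lacking, and fix "is may" while there. Separately, the probe reads only /proc/self/ns/user and /proc/sys/kernel/unprivileged_userns_clone, so a host that restricts user namespaces by some other mechanism would take the first branch and start the daemon with the chroot enabled; the new comment should state which cases the probe covers so that a resulting test failure is easier to diagnose.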