tiny-container-user-device-sharing automated
medium
- Image Types:
- tiny-lxc-armhf / tiny-lxc-arm64 / tiny-lxc-amd64
- Image Deployment:
- LXC
- Type:
- functional
Description
Test of device sharing between host and Tiny unprivileged container started as user
Pre Conditions
- Clone the tests repository from another computer (Note that the branch being tested may change depending on the release, please make sure to clone the correct branch for the release in question):
- Copy the test directory tiny-image-recipes to the target device:
- Log into the target device:
$ git clone --branch apertis/v2023 https://gitlab.apertis.org/infrastructure/tiny-image-recipes.git
$ DUT_IP=<device-ip>
$ scp -r tiny-image-recipes user@$DUT_IP:
$ ssh user@$DUT_IP
Execution Steps
- Enter test directory:
- Ensure we allow user mapping:
- Setup the AppArmor profile for container:
- Ensure we have loop device:
- Create the random file and map it to loop0 device on host:
- Make sure user have correct mappings for test:
- Add user to group 'disk' for accessing to '/dev/loop0' device:
- Check that a simple loop device created on the host can be shared with the container and accessed from inside it:
- Release the loop0 device on host after the test:
$ cd tiny-image-recipes
$ sysctl -w kernel.unprivileged_userns_clone=1
$ sed s/__NAMESPACE_PLACEHOLDER__/lxc-apertis-tiny-userns/g lxc/lxc-tiny-connectivity-profile-template | apparmor_parser -qr
$ modprobe loop
$ dd if=/dev/urandom of=/var/test.img bs=1M count=1
$ losetup /dev/loop0 /var/test.img
$ usermod --add-subuids 1000-1000 user
$ usermod --add-subuids 100000-165535 user
$ usermod --add-subgids 6-6 user
$ usermod --add-subgids 100000-165535 user
$ usermod -a -G disk user
$ sudo -u user -H lavatests/test-device-sharing --ospack "$OSPACK" -t lxc/lxc-tiny-connectivity --aa-namespace "lxc-apertis-tiny-userns"
$ losetup -d /dev/loop0
Expected
Test command should report "pass".