container: Better handle lxc_start #56
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI tests | |
on: | |
- push | |
- pull_request | |
jobs: | |
test: | |
strategy: | |
fail-fast: false | |
matrix: | |
go: | |
- 1.20.x | |
- stable | |
os: | |
- ubuntu-20.04 | |
- ubuntu-22.04 | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: Install Go | |
uses: actions/setup-go@v4 | |
with: | |
go-version: ${{ matrix.go }} | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
- name: Install dependencies | |
run: | | |
sudo add-apt-repository ppa:ubuntu-lxc/daily -y | |
sudo apt-get install -qq apparmor lxc lxc-dev pkg-config uidmap busybox libdbus-1-dev libseccomp-dev libcap-dev libselinux-dev nftables iptables | |
- name: Reset all firewalling | |
run: | | |
sudo iptables -F | |
sudo iptables -P INPUT ACCEPT | |
sudo iptables -P OUTPUT ACCEPT | |
sudo iptables -P FORWARD ACCEPT | |
sudo nft flush ruleset | |
- name: Setup test environment | |
run: | | |
# Setup uid/gid and veth allocations | |
echo "${USER}:100000:65536" | sudo tee /etc/subuid | |
echo "${USER}:100000:65536" | sudo tee /etc/subgid | |
echo "${USER} veth lxcbr0 10" | sudo tee -a /etc/lxc/lxc-usernet | |
# Local user configuration for userns | |
mkdir -p ~/.config/lxc/ | |
cp /etc/lxc/default.conf ~/.config/lxc/default.conf | |
echo "lxc.idmap = u 0 100000 65536" | tee -a ~/.config/lxc/default.conf | |
echo "lxc.idmap = g 0 100000 65536" | tee -a ~/.config/lxc/default.conf | |
# Allow traversal to the containers | |
mkdir -p ~/.local/share/lxc | |
chmod +x ~/ ~/.local ~/.local/share ~/.local/share/lxc | |
- name: Build the test | |
run: | |
go test -c -coverprofile=profile | |
- name: Unprivileged tests | |
env: | |
DOWNLOAD_KEYSERVER: keyserver.ubuntu.com | |
run: | | |
# Make all cgroups writable | |
if [ ! -e /sys/fs/cgroup/cgroup.controllers ]; then | |
# CGroup 1 | |
for d in /sys/fs/cgroup/*; do | |
[ -f $d/cgroup.clone_children ] && echo 1 | sudo tee $d/cgroup.clone_children | |
[ -f $d/cgroup.use_hierarchy ] && echo 1 | sudo tee $d/cgroup.use_hierarchy | |
sudo mkdir -p $d/lxc-test | |
sudo chown -R $USER: $d/lxc-test | |
echo $$ | sudo tee $d/lxc-test/cgroup.procs | |
done | |
# Run the unprivileged tests | |
./go-lxc.test -test.v -test.coverprofile=/tmp/unpriv.out | |
else | |
# CGroup 2 | |
sudo mkdir -p /sys/fs/cgroup/lxc-test | |
sudo chown -R $USER: /sys/fs/cgroup/lxc-test | |
echo $$ | sudo tee /sys/fs/cgroup/lxc-test/cgroup.procs | |
# Run the unprivileged tests | |
systemd-run --unit=go-lxc-test --user --scope -p "Delegate=yes" ./go-lxc.test -test.v -test.coverprofile=/tmp/unpriv.out | |
fi | |
- name: Privileged tests | |
env: | |
DOWNLOAD_KEYSERVER: keyserver.ubuntu.com | |
run: | |
sudo -E ./go-lxc.test -test.v -test.coverprofile=/tmp/priv.out | |
- name: Code coverage | |
run: make cover |