-rwxr-xr-xtest/create-busybox-container18
-rwxr-xr-xtest/units/testsuite-13.nspawn.sh217
2 files changed, 235 insertions, 0 deletions
diff --git a/test/create-busybox-container b/test/create-busybox-container
index 96d32abce8..5b2c80e2c6 100755
--- a/test/create-busybox-container
+++ b/test/create-busybox-container
@@ -12,12 +12,15 @@ mkdir -p "$root/usr/bin"
busybox="$(type -P busybox-static || type -P busybox)"
cp "$busybox" "$root/usr/bin/busybox"
+mkdir "$root/var"
mkdir -p "$root/usr/lib"
touch "$root/usr/lib/os-release"
ln -s busybox "$root/usr/bin/cat"
+ln -s busybox "$root/usr/bin/hostname"
ln -s busybox "$root/usr/bin/ip"
ln -s busybox "$root/usr/bin/md5sum"
+ln -s busybox "$root/usr/bin/mountpoint"
ln -s busybox "$root/usr/bin/ps"
ln -s busybox "$root/usr/bin/seq"
ln -s busybox "$root/usr/bin/sh"
@@ -26,8 +29,23 @@ ln -s busybox "$root/usr/bin/stat"
ln -s busybox "$root/usr/bin/test"
ln -s busybox "$root/usr/bin/touch"
ln -s busybox "$root/usr/bin/tr"
+ln -s busybox "$root/usr/bin/true"
ln -s busybox "$root/usr/bin/usleep"
+# Mock the bare minimum of getent to make systemd-nspawn --user= "work"
+cat >"$root/usr/bin/getent" <<\EOF
+#!/bin/sh
+
+if [[ $# - eq 0 ]]; then
+ :
+elif [[ $1 == passwd ]]; then
+ echo "testuser:x:1000:1000:testuser:/:/bin/sh"
+elif [[ $1 == initgroups ]]; then
+ echo "testuser"
+fi
+EOF
+chmod +x "$root/usr/bin/getent"
+
mkdir -p "$root/usr/sbin"
cat >"$root/usr/sbin/init" <<\EOF
#!/bin/sh
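Review bot: The first condition in the mock getent reads `if [[ $# - eq 0 ]]; then` on this page, and `- eq` with a space is not a valid test operator. If that is what the committed file contains rather than a rendering artefact, the no-argument branch is never taken and the script only behaves correctly because an errored test falls through to the `elif` arms; it should be `-eq`. The script also uses `[[ … ]]` under `#!/bin/sh`, which works only when the container's busybox shell is built with that extension. The POSIX forms `if [ "$#" -eq 0 ]; then` and `elif [ "$1" = passwd ]; then` would not depend on it. I would also extend the comment above the heredoc to say that the mock returns the fixed `testuser` entry (uid/gid 1000) for every `passwd` query regardless of the name requested, so nobody later relies on it for real lookups.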
diff --git a/test/units/testsuite-13.nspawn.sh b/test/units/testsuite-13.nspawn.sh
index c234887d05..22a06e8112 100755
--- a/test/units/testsuite-13.nspawn.sh
+++ b/test/units/testsuite-13.nspawn.sh
@@ -45,6 +45,223 @@ fi
mkdir -p /var/lib/machines
mount -t tmpfs tmpfs /var/lib/machines
+testcase_sanity_check() {
+ local template root image oci uuid tmpdir
+
+ template="$(mktemp -d /tmp/nspawn-template.XXX)"
+ "$CREATE_BB_CONTAINER" "$template"
+ # Create a simple image from the just created container template
+ image="$(mktemp /var/lib/machines/testsuite-13.image-XXX.img)"
+ dd if=/dev/zero of="$image" bs=1M count=32
+ mkfs.ext4 "$image"
+ mkdir -p /mnt
+ mount -o loop "$image" /mnt
+ cp -r "$template"/* /mnt/
+ umount /mnt
+ # Create a simple OCI bundle
+ oci="$(mktemp -d /var/lib/machines/testsuite-13.oci-bundle.XXX)"
+ "$CREATE_BB_CONTAINER" "$oci/rootfs"
+ cat >"$oci/config.json" <<EOF
+{
+ "ociVersion" : "1.0.0",
+ "root" : {
+ "path" : "rootfs"
+ },
+ "mounts" : [
+ {
+ "destination" : "/root",
+ "type" : "tmpfs",
+ "source" : "tmpfs"
+ }
+ ]
+}
+EOF
+
+ systemd-nspawn --help --no-pager
+ systemd-nspawn --version
+
+ # --template=
+ root="$(mktemp -u -d /var/lib/machines/testsuite-13.sanity.XXX)"
+ (! systemd-nspawn --directory="$root" sh -xec 'echo hello')
+ # Initialize $root from $template (the $root directory must not exist, hence
+ # the `mktemp -u` above)
+ systemd-nspawn --directory="$root" --template="$template" sh -xec 'echo hello'
+ systemd-nspawn --directory="$root" sh -xec 'echo hello; touch /initialized'
+ test -e "$root/initialized"
+ # Check if the $root doesn't get re-initialized once it's not empty
+ systemd-nspawn --directory="$root" --template="$template" sh -xec 'echo hello'
+ test -e "$root/initialized"
+
+ systemd-nspawn --directory="$root" --ephemeral sh -xec 'touch /ephemeral'
+ test ! -e "$root/ephemeral"
+ (! systemd-nspawn --directory="$root" --read-only sh -xec 'touch /nope')
+ test ! -e "$root/nope"
+ systemd-nspawn --image="$image" sh -xec 'echo hello'
+ systemd-nspawn --oci-bundle="$oci" sh -xec 'mountpoint /root'
+
+ # --volatile=
+ touch "$root/usr/has-usr"
+ # volatile(=yes): rootfs is tmpfs, /usr/ from the OS tree is mounted read only
+ systemd-nspawn --directory="$root"\
+ --volatile \
+ sh -xec 'test -e /usr/has-usr; touch /usr/read-only && exit 1; touch /nope'
+ test ! -e "$root/nope"
+ test ! -e "$root/usr/read-only"
+ systemd-nspawn --directory="$root"\
+ --volatile=yes \
+ sh -xec 'test -e /usr/has-usr; touch /usr/read-only && exit 1; touch /nope'
+ test ! -e "$root/nope"
+ test ! -e "$root/usr/read-only"
+ # volatile=state: rootfs is read-only, /var/ is tmpfs
+ systemd-nspawn --directory="$root" \
+ --volatile=state \
+ sh -xec 'test -e /usr/has-usr; mountpoint /var; touch /read-only && exit 1; touch /var/nope'
+ test ! -e "$root/read-only"
+ test ! -e "$root/var/nope"
+ # volatile=state: tmpfs overlay is mounted over rootfs
+ systemd-nspawn --directory="$root" \
+ --volatile=overlay \
+ sh -xec 'test -e /usr/has-usr; touch /nope; touch /var/also-nope; touch /usr/nope-too'
+ test ! -e "$root/nope"
+ test ! -e "$root/var/also-nope"
+ test ! -e "$root/usr/nope-too"
+
+ # --machine=, --hostname=
+ systemd-nspawn --directory="$root" \
+ --machine="foo-bar.baz" \
+ sh -xec '[[ $(hostname) == foo-bar.baz ]]'
+ systemd-nspawn --directory="$root" \
+ --hostname="hello.world.tld" \
+ sh -xec '[[ $(hostname) == hello.world.tld ]]'
+ systemd-nspawn --directory="$root" \
+ --machine="foo-bar.baz" \
+ --hostname="hello.world.tld" \
+ sh -xec '[[ $(hostname) == hello.world.tld ]]'
+
+ # --uuid=
+ rm -f "$root/etc/machine-id"
+ uuid="deadbeef-dead-dead-beef-000000000000"
+ systemd-nspawn --directory="$root" \
+ --uuid="$uuid" \
+ sh -xec "[[ \$container_uuid == $uuid ]]"
+
+ # --as-pid2
+ systemd-nspawn --directory="$root" sh -xec '[[ $$ -eq 1 ]]'
+ systemd-nspawn --directory="$root" --as-pid2 sh -xec '[[ $$ -eq 2 ]]'
+
+ # --user=
+ systemd-nspawn --directory="$root" sh -xec '[[ $USER == root ]]'
+ systemd-nspawn --directory="$root" --user=testuser sh -xec '[[ $USER == testuser ]]'
+
+ # --settings= + .nspawn files
+ mkdir -p /run/systemd/nspawn/
+ uuid="deadbeef-dead-dead-beef-000000000000"
+ echo -ne "[Exec]\nMachineID=deadbeef-dead-dead-beef-111111111111" >/run/systemd/nspawn/foo-bar.nspawn
+ systemd-nspawn --directory="$root" \
+ --machine=foo-bar \
+ --settings=yes \
+ sh -xec '[[ $container_uuid == deadbeef-dead-dead-beef-111111111111 ]]'
+ systemd-nspawn --directory="$root" \
+ --machine=foo-bar \
+ --uuid="$uuid" \
+ --settings=yes \
+ sh -xec "[[ \$container_uuid == $uuid ]]"
+ systemd-nspawn --directory="$root" \
+ --machine=foo-bar \
+ --uuid="$uuid" \
+ --settings=override \
+ sh -xec '[[ $container_uuid == deadbeef-dead-dead-beef-111111111111 ]]'
+ systemd-nspawn --directory="$root" \
+ --machine=foo-bar \
+ --uuid="$uuid" \
+ --settings=trusted \
+ sh -xec "[[ \$container_uuid == $uuid ]]"
+
+ # Mounts
+ tmpdir="$(mktemp -d)"
+ mkdir "$tmpdir"/{1,2,3}
+ touch "$tmpdir/1/one" "$tmpdir/2/two" "$tmpdir/3/three"
+ touch "$tmpdir/foo"
+ # --bind=
+ systemd-nspawn --directory="$root" \
+ --bind="$tmpdir:/foo" \
+ sh -xec 'test -e /foo/foo; touch /foo/bar'
+ test -e "$tmpdir/bar"
+ # --bind-ro=
+ systemd-nspawn --directory="$root" \
+ --bind-ro="$tmpdir:/foo" \
+ sh -xec 'test -e /foo/foo; touch /foo/baz && exit 1; true'
+ # --inaccessible=
+ systemd-nspawn --directory="$root" \
+ --inaccessible=/var \
+ sh -xec 'touch /var/foo && exit 1; true'
+ # --tmpfs=
+ systemd-nspawn --directory="$root" \
+ --tmpfs=/var:rw,nosuid,noexec \
+ sh -xec 'touch /var/nope'
+ test ! -e "$root/var/nope"
+ # --overlay=
+ systemd-nspawn --directory="$root" \
+ --overlay="$tmpdir/1:$tmpdir/2:$tmpdir/3:/var" \
+ sh -xec 'test -e /var/one; test -e /var/two; test -e /var/three; touch /var/foo'
+ test -e "$tmpdir/3/foo"
+ # --overlay-ro=
+ systemd-nspawn --directory="$root" \
+ --overlay-ro="$tmpdir/1:$tmpdir/2:$tmpdir/3:/var" \
+ sh -xec 'test -e /var/one; test -e /var/two; test -e /var/three; touch /var/nope && exit 1; true'
+ test ! -e "$tmpdir/3/nope"
+ rm -fr "$tmpdir"
+
+ # Assorted tests
+ systemd-nspawn --directory="$root" --suppress-sync=yes sh -xec 'echo hello'
+ systemd-nspawn --capability=help
+ systemd-nspawn --resolv-conf=help
+ systemd-nspawn --timezone=help
+
+ # Handling of invalid arguments
+ opts=(
+ bind
+ bind-ro
+ bind-user
+ chdir
+ console
+ inaccessible
+ kill-signal
+ link-journal
+ load-credential
+ network-{interface,macvlan,ipvlan,veth-extra,bridge,zone}
+ no-new-privileges
+ oom-score-adjust
+ overlay
+ overlay-ro
+ personality
+ pivot-root
+ port
+ private-users
+ private-users-ownership
+ register
+ resolv-conf
+ rlimit
+ root-hash
+ root-hash-sig
+ set-credential
+ settings
+ suppress-sync
+ timezone
+ tmpfs
+ uuid
+ )
+ for opt in "${opts[@]}"; do
+ (! systemd-nspawn "--$opt")
+ [[ "$opt" == network-zone ]] && continue
+ (! systemd-nspawn "--$opt=''")
+ (! systemd-nspawn "--$opt=%\$ลก")
+ done
+ (! systemd-nspawn --volatile="")
+ (! systemd-nspawn --volatile=-1)
+ (! systemd-nspawn --rlimit==)
+}
+
testcase_check_bind_tmp_path() {
# https://github.com/systemd/systemd/issues/4789
local root
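Review bot: The `--user=` case in `testcase_sanity_check` asserts only `[[ $USER == testuser ]]`, which is an environment variable, so it would still pass if the payload kept running as uid 0. Checking the numeric uid as well, e.g. `sh -xec '[[ $USER == testuser && $(id -u) -eq 1000 ]]'`, would make it a real privilege-drop test, though this needs an `id` applet in the container and the symlinks visible in this commit do not include one. In the invalid-argument loop, `"--$opt=''"` passes the two literal quote characters rather than an empty value, so the empty-value case is exercised only by `--volatile=""`; `"--$opt="` would cover it if that is the intent. `opts` and `opt` are missing from the `local` list at the top of the function and leak into the caller's scope. The comment `# volatile=state: tmpfs overlay is mounted over rootfs` sits above the `--volatile=overlay` case and should read `volatile=overlay`.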