From c2df08b5b815a1368e979a4ac9585e2fb1408d9f Mon Sep 17 00:00:00 2001 From: Frantisek Sumsal Date: Fri, 12 May 2023 10:14:06 +0200 Subject: test: clean up the nspawn tests a bit --- test/TEST-13-NSPAWN-SMOKE/test.sh | 23 ++- test/create-busybox-container | 16 +- test/test-functions | 3 +- test/units/testsuite-13.sh | 368 ++++++++++++++++++++++++-------------- 4 files changed, 258 insertions(+), 152 deletions(-) (limited to 'test') diff --git a/test/TEST-13-NSPAWN-SMOKE/test.sh b/test/TEST-13-NSPAWN-SMOKE/test.sh index 65c1e9be3d..8352541b17 100755 --- a/test/TEST-13-NSPAWN-SMOKE/test.sh +++ b/test/TEST-13-NSPAWN-SMOKE/test.sh @@ -10,21 +10,20 @@ TEST_NO_NSPAWN=1 . "${TEST_BASE_DIR:?}/test-functions" test_append_files() { - ( - local workspace="${1:?}" + local workspace="${1:?}" - # On openSUSE the static linked version of busybox is named "busybox-static". - busybox="$(type -P busybox-static || type -P busybox)" - inst_simple "$busybox" "$(dirname "$busybox")/busybox" + # On openSUSE the static linked version of busybox is named "busybox-static". + busybox="$(type -P busybox-static || type -P busybox)" + inst_simple "$busybox" "$(dirname "$busybox")/busybox" - if command -v selinuxenabled >/dev/null && selinuxenabled; then - image_install selinuxenabled - cp -ar /etc/selinux "$workspace/etc/selinux" - fi + if command -v selinuxenabled >/dev/null && selinuxenabled; then + image_install chcon selinuxenabled + cp -ar /etc/selinux "$workspace/etc/selinux" + sed -i "s/^SELINUX=.*$/SELINUX=permissive/" "$workspace/etc/selinux/config" + fi - "$TEST_BASE_DIR/create-busybox-container" "$workspace/testsuite-13.nc-container" - initdir="$workspace/testsuite-13.nc-container" image_install nc ip md5sum - ) + "$TEST_BASE_DIR/create-busybox-container" "$workspace/testsuite-13.nc-container" + initdir="$workspace/testsuite-13.nc-container" image_install nc ip md5sum } do_test "$@" 
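Review bot: With the subshell wrapper removed from `test_append_files()`, the `busybox=` assignment is no longer contained and becomes a global in whatever shell sources this file; only `workspace` is declared `local`. Declaring it on its own line keeps the lookup's exit status visible to the caller: add `local busybox` next to `local workspace="${1:?}"` and leave the existing `busybox="$(type -P busybox-static || type -P busybox)"` as a separate assignment. The function is fully contained in this hunk.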
diff --git a/test/create-busybox-container b/test/create-busybox-container index fca9d6150a..73d8066cc6 100755 --- a/test/create-busybox-container +++ b/test/create-busybox-container @@ -1,11 +1,10 @@ #!/usr/bin/env bash # SPDX-License-Identifier: LGPL-2.1-or-later -set -e -set -u +set -eu set -o pipefail -root="${1:?Usage $0 container-root}" +root="${1:?Usage: $0 container-root}" mkdir -p "$root" mkdir "$root/bin" @@ -16,17 +15,18 @@ cp "$busybox" "$root/bin/busybox" mkdir -p "$root/usr/lib" touch "$root/usr/lib/os-release" -ln -s busybox "$root/bin/sh" ln -s busybox "$root/bin/cat" -ln -s busybox "$root/bin/tr" -ln -s busybox "$root/bin/ps" ln -s busybox "$root/bin/ip" +ln -s busybox "$root/bin/md5sum" +ln -s busybox "$root/bin/ps" ln -s busybox "$root/bin/seq" +ln -s busybox "$root/bin/sh" ln -s busybox "$root/bin/sleep" -ln -s busybox "$root/bin/usleep" -ln -s busybox "$root/bin/test" ln -s busybox "$root/bin/stat" +ln -s busybox "$root/bin/test" ln -s busybox "$root/bin/touch" +ln -s busybox "$root/bin/tr" +ln -s busybox "$root/bin/usleep" mkdir -p "$root/sbin" cat <<'EOF' >"$root/sbin/init" diff --git a/test/test-functions b/test/test-functions index 2d303f4799..d59ac29382 100644 --- a/test/test-functions +++ b/test/test-functions @@ -808,8 +808,7 @@ setup_selinux() { ln -sf ../autorelabel.service "$initdir/usr/lib/systemd/tests/testdata/units/basic.target.wants/" image_install "${fixfiles_tools[@]}" - image_install fixfiles - image_install sestatus + image_install fixfiles sestatus } install_valgrind() { diff --git a/test/units/testsuite-13.sh b/test/units/testsuite-13.sh index 4ad7431e42..0a4b102f03 100755 --- a/test/units/testsuite-13.sh +++ b/test/units/testsuite-13.sh 
@@ -6,74 +6,109 @@ set -o pipefail export SYSTEMD_LOG_LEVEL=debug export SYSTEMD_LOG_TARGET=journal +CREATE_BB_CONTAINER="/usr/lib/systemd/tests/testdata/create-busybox-container" + +at_exit() { + set +e + + mountpoint -q /var/lib/machines && umount /var/lib/machines +} + +trap at_exit EXIT # check cgroup-v2 -is_v2_supported=no +IS_CGROUPSV2_SUPPORTED=no mkdir -p /tmp/cgroup2 if mount -t cgroup2 cgroup2 /tmp/cgroup2; then - is_v2_supported=yes + IS_CGROUPSV2_SUPPORTED=yes umount /tmp/cgroup2 fi rmdir /tmp/cgroup2 # check cgroup namespaces -is_cgns_supported=no +IS_CGNS_SUPPORTED=no if [[ -f /proc/1/ns/cgroup ]]; then - is_cgns_supported=yes + IS_CGNS_SUPPORTED=yes fi -is_user_ns_supported=no +IS_USERNS_SUPPORTED=no # On some systems (e.g. CentOS 7) the default limit for user namespaces # is set to 0, which causes the following unshare syscall to fail, even # with enabled user namespaces support. By setting this value explicitly # we can ensure the user namespaces support to be detected correctly. 
sysctl -w user.max_user_namespaces=10000 if unshare -U sh -c :; then - is_user_ns_supported=yes + IS_USERNS_SUPPORTED=yes fi -function check_bind_tmp_path { +# Mount tmpfs over /var/lib/machines to not pollute the image +mkdir -p /var/lib/machines +mount -t tmpfs tmpfs /var/lib/machines + +testcase_check_bind_tmp_path() { # https://github.com/systemd/systemd/issues/4789 - local _root="/var/lib/machines/testsuite-13.bind-tmp-path" - rm -rf "$_root" - /usr/lib/systemd/tests/testdata/create-busybox-container "$_root" + local root + + root="$(mktemp -d /var/lib/machines/testsuite-13.bind-tmp-path.XXX)" + "$CREATE_BB_CONTAINER" "$root" : >/tmp/bind - systemd-nspawn --register=no -D "$_root" --bind=/tmp/bind /bin/sh -c 'test -e /tmp/bind' + systemd-nspawn --register=no \ + --directory="$root" \ + --bind=/tmp/bind \ + /bin/sh -c 'test -e /tmp/bind' + + rm -fr "$root" /tmp/bind } -function check_norbind { +testcase_check_norbind() { # https://github.com/systemd/systemd/issues/13170 - local _root="/var/lib/machines/testsuite-13.norbind-path" - rm -rf "$_root" + local root + + root="$(mktemp -d /var/lib/machines/testsuite-13.norbind-path.XXX)" mkdir -p /tmp/binddir/subdir echo -n "outer" >/tmp/binddir/subdir/file mount -t tmpfs tmpfs /tmp/binddir/subdir echo -n "inner" >/tmp/binddir/subdir/file - /usr/lib/systemd/tests/testdata/create-busybox-container "$_root" - systemd-nspawn --register=no -D "$_root" --bind=/tmp/binddir:/mnt:norbind /bin/sh -c 'CONTENT=$(cat /mnt/subdir/file); if [[ $CONTENT != "outer" ]]; then echo "*** unexpected content: $CONTENT"; return 1; fi' + "$CREATE_BB_CONTAINER" "$root" + + systemd-nspawn --register=no \ + --directory="$root" \ + --bind=/tmp/binddir:/mnt:norbind \ + /bin/sh -c 'CONTENT=$(cat /mnt/subdir/file); if [[ $CONTENT != "outer" ]]; then echo "*** unexpected content: $CONTENT"; return 1; fi' + + umount /tmp/binddir/subdir + rm -fr "$root" /tmp/binddir/ +} + +check_rootidmap_cleanup() { + local dir="${1:?}" + + mountpoint -q "$dir/bind" 
&& umount "$dir/bind" + rm -fr "$dir" } -function check_rootidmap { - local _owner=1000 - local _root="/var/lib/machines/testsuite-13.rootidmap-path" - local _command - rm -rf "$_root" +testcase_check_rootidmap() { + local root cmd permissions + local owner=1000 + root="$(mktemp -d /var/lib/machines/testsuite-13.rootidmap-path.XXX)" # Create ext4 image, as ext4 supports idmapped-mounts. - dd if=/dev/zero of=/tmp/ext4.img bs=4k count=2048 - mkfs.ext4 /tmp/ext4.img - mkdir -p /tmp/rootidmapdir - mount /tmp/ext4.img /tmp/rootidmapdir - - touch /tmp/rootidmapdir/file - chown -R $_owner:$_owner /tmp/rootidmapdir - - /usr/lib/systemd/tests/testdata/create-busybox-container "$_root" - _command='PERMISSIONS=$(stat -c "%u:%g" /mnt/file); if [[ $PERMISSIONS != "0:0" ]]; then echo "*** wrong permissions: $PERMISSIONS"; return 1; fi; touch /mnt/other_file' - if ! SYSTEMD_LOG_TARGET=console systemd-nspawn \ - --register=no -D "$_root" \ - --bind=/tmp/rootidmapdir:/mnt:rootidmap \ - /bin/sh -c "$_command" |& tee nspawn.out; then + mkdir -p /tmp/rootidmap/bind + dd if=/dev/zero of=/tmp/rootidmap/ext4.img bs=4k count=2048 + mkfs.ext4 /tmp/rootidmap/ext4.img + mount /tmp/rootidmap/ext4.img /tmp/rootidmap/bind + trap "check_rootidmap_cleanup /tmp/rootidmap/" RETURN + + touch /tmp/rootidmap/bind/file + chown -R "$owner:$owner" /tmp/rootidmap/bind + + "$CREATE_BB_CONTAINER" "$root" + cmd='PERMISSIONS=$(stat -c "%u:%g" /mnt/file); if [[ $PERMISSIONS != "0:0" ]]; then echo "*** wrong permissions: $PERMISSIONS"; return 1; fi; touch /mnt/other_file' + if ! SYSTEMD_LOG_TARGET=console \ + systemd-nspawn --register=no \ + --directory="$root" \ + --bind=/tmp/rootidmap/bind:/mnt:rootidmap \ + /bin/sh -c "$cmd" |& tee nspawn.out; then if grep -q "Failed to map ids for bind mount.*: Function not implemented" nspawn.out; then echo "idmapped mounts are not supported, skipping the test..." return 0 
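Review bot: The fixtures in `testcase_check_norbind()` and `testcase_check_rootidmap()` still use fixed names (`/tmp/binddir`, `/tmp/rootidmap`), although the container roots in the same functions moved to `mktemp -d`. A leftover or pre-created directory at those paths is silently accepted by `mkdir -p` and then written to and mounted over as root. Creating the work directory the same way as the roots removes that dependency, e.g. `workdir="$(mktemp -d /tmp/rootidmap.XXXXXX)"` with `$workdir/bind` and `$workdir/ext4.img` derived from it. Separately, as far as I know the `trap ... RETURN` cleanup only runs on a normal return, so if the script runs with errexit (its `set` lines are mostly above this hunk) a failing `chown` or container setup would exit without unmounting `/tmp/rootidmap/bind`. `testcase_check_rootidmap()` continues past the end of this hunk.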
@@ -82,129 +117,197 @@ function check_rootidmap { return 1 fi - PERMISSIONS=$(stat -c "%u:%g" /tmp/rootidmapdir/other_file) - if [[ $PERMISSIONS != "$_owner:$_owner" ]]; then - echo "*** wrong permissions: $PERMISSIONS" - [[ "$is_user_ns_supported" = "yes" ]] && return 1 + permissions=$(stat -c "%u:%g" /tmp/rootidmap/bind/other_file) + if [[ $permissions != "$owner:$owner" ]]; then + echo "*** wrong permissions: $permissions" + [[ "$IS_USERNS_SUPPORTED" == "yes" ]] && return 1 fi } -function check_notification_socket { +testcase_check_notification_socket() { # https://github.com/systemd/systemd/issues/4944 - local _cmd='echo a | $(busybox which nc) -U -u -w 1 /run/host/notify' + local cmd='echo a | $(busybox which nc) -U -u -w 1 /run/host/notify' + # /testsuite-13.nc-container is prepared by test.sh - systemd-nspawn --register=no -D /testsuite-13.nc-container /bin/sh -x -c "$_cmd" - systemd-nspawn --register=no -D /testsuite-13.nc-container -U /bin/sh -x -c "$_cmd" + systemd-nspawn --register=no --directory=/testsuite-13.nc-container /bin/sh -x -c "$cmd" + systemd-nspawn --register=no --directory=/testsuite-13.nc-container -U /bin/sh -x -c "$cmd" } -function check_os_release { - local _cmd='. /tmp/os-release -if [ -n "${ID:+set}" ] && [ "${ID}" != "${container_host_id}" ]; then exit 1; fi -if [ -n "${VERSION_ID:+set}" ] && [ "${VERSION_ID}" != "${container_host_version_id}" ]; then exit 1; fi -if [ -n "${BUILD_ID:+set}" ] && [ "${BUILD_ID}" != "${container_host_build_id}" ]; then exit 1; fi -if [ -n "${VARIANT_ID:+set}" ] && [ "${VARIANT_ID}" != "${container_host_variant_id}" ]; then exit 1; fi -cd /tmp; (cd /run/host; md5sum os-release) | md5sum -c -if echo test >>/run/host/os-release; then exit 1; fi -' - - local _os_release_source="/etc/os-release" - if [[ ! 
-r "${_os_release_source}" ]]; then - _os_release_source="/usr/lib/os-release" - elif [[ -L "${_os_release_source}" ]] && rm /etc/os-release; then +testcase_check_os_release() { + local root entrypoint os_release_source + + root="$(mktemp -d /var/lib/machines/testsuite-13.check-os-release.XXX)" + "$CREATE_BB_CONTAINER" "$root" + entrypoint="$root/entrypoint.sh" + cat >"$entrypoint" <<\EOF +#!/bin/sh -ex + +. /tmp/os-release +[[ -n "${ID:-}" && "$ID" != "$container_host_id" ]] && exit 1 +[[ -n "${VERSION_ID:-}" && "$VERSION_ID" != "$container_host_version_id" ]] && exit 1 +[[ -n "${BUILD_ID:-}" && "$BUILD_ID" != "$container_host_build_id" ]] && exit 1 +[[ -n "${VARIANT_ID:-}" && "$VARIANT_ID" != "$container_host_variant_id" ]] && exit 1 + +cd /tmp +(cd /run/host && md5sum os-release) | md5sum -c +EOF + chmod +x "$entrypoint" + + os_release_source="/etc/os-release" + if [[ ! -r "$os_release_source" ]]; then + os_release_source="/usr/lib/os-release" + elif [[ -L "$os_release_source" ]]; then # Ensure that /etc always wins if available - cp /usr/lib/os-release /etc + cp --remove-destination -fv /usr/lib/os-release /etc/os-release echo MARKER=1 >>/etc/os-release fi - systemd-nspawn --register=no -D /testsuite-13.nc-container --bind="${_os_release_source}":/tmp/os-release /bin/sh -x -e -c "$_cmd" + systemd-nspawn --register=no \ + --directory="$root" \ + --bind="$os_release_source:/tmp/os-release" \ + "${entrypoint##"$root"}" if grep -q MARKER /etc/os-release; then - rm /etc/os-release - ln -s ../usr/lib/os-release /etc/os-release + ln -svrf /usr/lib/os-release /etc/os-release fi + + rm -fr "$root" } -function check_machinectl_bind { - local _cmd='for i in $(seq 1 20); do if test -f /tmp/marker; then exit 0; fi; usleep 500000; done; exit 1;' +testcase_check_machinectl_bind() { + local service_path service_name root container_name ec + local cmd='for i in $(seq 1 20); do if test -f /tmp/marker; then exit 0; fi; usleep 500000; done; exit 1;' - cat 
>/run/systemd/system/nspawn_machinectl_bind.service <"$service_path" </dev/null || ! selinuxenabled; then echo >&2 "SELinux is not enabled, skipping SELinux-related tests" return 0 fi - # Basic test coverage to avoid issues like https://github.com/systemd/systemd/issues/19976 - systemd-nspawn "${SUSE_OPTS[@]}" --register=no -b -D /testsuite-13.nc-container --selinux-apifs-context=system_u:object_r:container_file_t:s0:c0,c1 --selinux-context=system_u:system_r:container_t:s0:c0,c1 + local root + + root="$(mktemp -d /var/lib/machines/testsuite-13.check-selinux.XXX)" + "$CREATE_BB_CONTAINER" "$root" + chcon -R -t container_t "$root" + + systemd-nspawn --register=no \ + --boot \ + --directory="$root" \ + --selinux-apifs-context=system_u:object_r:container_file_t:s0:c0,c1 \ + --selinux-context=system_u:system_r:container_t:s0:c0,c1 + + rm -fr "$root" } -function check_ephemeral_config { +testcase_check_ephemeral_config() { # https://github.com/systemd/systemd/issues/13297 + local root container_name + + root="$(mktemp -d /var/lib/machines/testsuite-13.check-ephemeral-config.XXX)" + "$CREATE_BB_CONTAINER" "$root" + container_name="${root##*/}" mkdir -p /run/systemd/nspawn/ - cat >/run/systemd/nspawn/testsuite-13.nc-container.nspawn <"/run/systemd/nspawn/$container_name.nspawn" <&2 +matrix_run_one() { + local cgroupsv2="${1:?}" + local use_cgns="${2:?}" + local api_vfs_writable="${3:?}" + local root + + if [[ "$cgroupsv2" == "yes" && "$IS_CGROUPSV2_SUPPORTED" == "no" ]]; then + echo >&2 "Unified cgroup hierarchy is not supported, skipping..." return 0 fi - if [[ "$2" = "yes" && "$is_cgns_supported" = "no" ]]; then - printf "CGroup namespaces are not supported. Skipping.\n" >&2 + + if [[ "$use_cgns" == "yes" && "$IS_CGNS_SUPPORTED" == "no" ]]; then + echo >&2 "CGroup namespaces are not supported, skipping..." 
return 0 fi - local _root="/var/lib/machines/testsuite-13.unified-$1-cgns-$2-api-vfs-writable-$3" - rm -rf "$_root" - /usr/lib/systemd/tests/testdata/create-busybox-container "$_root" - SYSTEMD_NSPAWN_UNIFIED_HIERARCHY="$1" SYSTEMD_NSPAWN_USE_CGNS="$2" SYSTEMD_NSPAWN_API_VFS_WRITABLE="$3" systemd-nspawn --register=no -D "$_root" -b - SYSTEMD_NSPAWN_UNIFIED_HIERARCHY="$1" SYSTEMD_NSPAWN_USE_CGNS="$2" SYSTEMD_NSPAWN_API_VFS_WRITABLE="$3" systemd-nspawn --register=no -D "$_root" --private-network -b - - if SYSTEMD_NSPAWN_UNIFIED_HIERARCHY="$1" SYSTEMD_NSPAWN_USE_CGNS="$2" SYSTEMD_NSPAWN_API_VFS_WRITABLE="$3" systemd-nspawn --register=no -D "$_root" -U -b; then - [[ "$is_user_ns_supported" = "yes" && "$3" = "network" ]] && return 1 + root="$(mktemp -d "/var/lib/machines/testsuite-13.unified-$1-cgns-$2-api-vfs-writable-$3.XXX")" + "$CREATE_BB_CONTAINER" "$root" + + SYSTEMD_NSPAWN_UNIFIED_HIERARCHY="$cgroupsv2" SYSTEMD_NSPAWN_USE_CGNS="$use_cgns" SYSTEMD_NSPAWN_API_VFS_WRITABLE="$api_vfs_writable" \ + systemd-nspawn --register=no \ + --directory="$root" \ + --boot + + SYSTEMD_NSPAWN_UNIFIED_HIERARCHY="$cgroupsv2" SYSTEMD_NSPAWN_USE_CGNS="$use_cgns" SYSTEMD_NSPAWN_API_VFS_WRITABLE="$api_vfs_writable" \ + systemd-nspawn --register=no \ + --directory="$root" \ + --private-network \ + --boot + + if SYSTEMD_NSPAWN_UNIFIED_HIERARCHY="$cgroupsv2" SYSTEMD_NSPAWN_USE_CGNS="$use_cgns" SYSTEMD_NSPAWN_API_VFS_WRITABLE="$api_vfs_writable" \ + systemd-nspawn --register=no \ + --directory="$root" \ + --private-users=pick \ + --boot; then + [[ "$IS_USERNS_SUPPORTED" == "yes" && "$api_vfs_writable" == "network" ]] && return 1 else - [[ "$is_user_ns_supported" = "no" && "$3" = "network" ]] && return 1 + [[ "$IS_USERNS_SUPPORTED" == "no" && "$api_vfs_writable" = "network" ]] && return 1 fi - if SYSTEMD_NSPAWN_UNIFIED_HIERARCHY="$1" SYSTEMD_NSPAWN_USE_CGNS="$2" SYSTEMD_NSPAWN_API_VFS_WRITABLE="$3" systemd-nspawn --register=no -D "$_root" --private-network -U -b; then - [[ 
"$is_user_ns_supported" = "yes" && "$3" = "yes" ]] && return 1 + if SYSTEMD_NSPAWN_UNIFIED_HIERARCHY="$cgroupsv2" SYSTEMD_NSPAWN_USE_CGNS="$use_cgns" SYSTEMD_NSPAWN_API_VFS_WRITABLE="$api_vfs_writable" \ + systemd-nspawn --register=no \ + --directory="$root" \ + --private-network \ + --private-users=pick \ + --boot; then + [[ "$IS_USERNS_SUPPORTED" == "yes" && "$api_vfs_writable" == "yes" ]] && return 1 else - [[ "$is_user_ns_supported" = "no" && "$3" = "yes" ]] && return 1 + [[ "$IS_USERNS_SUPPORTED" == "no" && "$api_vfs_writable" = "yes" ]] && return 1 fi - local _netns_opt="--network-namespace-path=/proc/self/ns/net" - local _net_opts=( + local netns_opt="--network-namespace-path=/proc/self/ns/net" + local net_opt + local net_opts=( "--network-bridge=lo" "--network-interface=lo" "--network-ipvlan=lo" 
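Review bot: The new `entrypoint.sh` heredoc in `testcase_check_os_release()` no longer carries the old `if echo test >>/run/host/os-release; then exit 1; fi` line, so the test no longer asserts that the container cannot write to the os-release copy exposed under `/run/host`. Unless that was dropped deliberately, it is worth keeping as the last line of the heredoc, after the `md5sum -c` check. A smaller point in `matrix_run_one()`: the `mktemp -d` template still uses `$1`/`$2`/`$3` although the named locals `cgroupsv2`, `use_cgns` and `api_vfs_writable` were just introduced for them. `matrix_run_one()` continues past the end of this hunk.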
@@ -215,54 +318,59 @@ function run { ) # --network-namespace-path and network-related options cannot be used together - for netopt in "${_net_opts[@]}"; do - echo "$_netns_opt in combination with $netopt should fail" - if SYSTEMD_NSPAWN_UNIFIED_HIERARCHY="$1" SYSTEMD_NSPAWN_USE_CGNS="$2" SYSTEMD_NSPAWN_API_VFS_WRITABLE="$3" systemd-nspawn --register=no -D "$_root" -b "$_netns_opt" "$netopt"; then + for net_opt in "${net_opts[@]}"; do + echo "$netns_opt in combination with $net_opt should fail" + if SYSTEMD_NSPAWN_UNIFIED_HIERARCHY="$cgroupsv2" SYSTEMD_NSPAWN_USE_CGNS="$use_cgns" SYSTEMD_NSPAWN_API_VFS_WRITABLE="$api_vfs_writable" \ + systemd-nspawn --register=no \ + --directory="$root" \ + --boot \ + "$netns_opt" \ + "$net_opt"; then echo >&2 "unexpected pass" return 1 fi done # allow combination of --network-namespace-path and --private-network - if ! SYSTEMD_NSPAWN_UNIFIED_HIERARCHY="$1" SYSTEMD_NSPAWN_USE_CGNS="$2" SYSTEMD_NSPAWN_API_VFS_WRITABLE="$3" systemd-nspawn --register=no -D "$_root" -b "$_netns_opt" --private-network; then - return 1 - fi + SYSTEMD_NSPAWN_UNIFIED_HIERARCHY="$cgroupsv2" SYSTEMD_NSPAWN_USE_CGNS="$use_cgns" SYSTEMD_NSPAWN_API_VFS_WRITABLE="$api_vfs_writable" \ + systemd-nspawn --register=no \ + --directory="$root" \ + --boot \ + --private-network \ + "$netns_opt" # test --network-namespace-path works with a network namespace created by "ip netns" ip netns add nspawn_test - _netns_opt="--network-namespace-path=/run/netns/nspawn_test" - SYSTEMD_NSPAWN_UNIFIED_HIERARCHY="$1" SYSTEMD_NSPAWN_USE_CGNS="$2" SYSTEMD_NSPAWN_API_VFS_WRITABLE="$3" systemd-nspawn --register=no -D "$_root" "$_netns_opt" /bin/ip a | grep -v -E '^1: lo.*UP' - local r=$? 
+ netns_opt="--network-namespace-path=/run/netns/nspawn_test" + SYSTEMD_NSPAWN_UNIFIED_HIERARCHY="$cgroupsv2" SYSTEMD_NSPAWN_USE_CGNS="$use_cgns" SYSTEMD_NSPAWN_API_VFS_WRITABLE="$api_vfs_writable" \ + systemd-nspawn --register=no \ + --directory="$root" \ + --network-namespace-path=/run/netns/nspawn_test \ + /bin/ip a | grep -v -E '^1: lo.*UP' ip netns del nspawn_test - if [[ $r -ne 0 ]]; then - return 1 - fi + rm -fr "$root" return 0 } -check_bind_tmp_path - -check_norbind - -check_rootidmap +# Create a list of all functions prefixed with testcase_ +mapfile -t TESTCASES < <(declare -F | awk '$3 ~ /^testcase_/ {print $3;}') -check_notification_socket +if [[ "${#TESTCASES[@]}" -eq 0 ]]; then + echo >&2 "No test cases found, this is most likely an error" + exit 1 +fi -check_os_release +for testcase in "${TESTCASES[@]}"; do + "$testcase" +done for api_vfs_writable in yes no network; do - run no no $api_vfs_writable - run yes no $api_vfs_writable - run no yes $api_vfs_writable - run yes yes $api_vfs_writable + matrix_run_one no no $api_vfs_writable + matrix_run_one yes no $api_vfs_writable + matrix_run_one no yes $api_vfs_writable + matrix_run_one yes yes $api_vfs_writable done -check_machinectl_bind - -check_selinux - -check_ephemeral_config - touch /testok -- cgit v1.2.1
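Review bot: The last pipeline in `matrix_run_one()` (`... /bin/ip a | grep -v -E '^1: lo.*UP'`) used to have its status captured in `r`, so `ip netns del nspawn_test` always ran. The cleanup now follows a bare command, so if the script runs with errexit (not visible in this hunk) a failure exits with the `nspawn_test` namespace and `$root` left behind. Capturing the status keeps the cleanup unconditional: declare `local ec=0`, append `|| ec=$?` to the pipeline, and end with `return "$ec"` after the `ip netns del` and `rm -fr "$root"` lines. The reassigned `netns_opt` is also unused now, since the call spells out `--network-namespace-path=/run/netns/nspawn_test`; pass `"$netns_opt"` or drop the assignment. The function starts before this hunk.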