scripts/critest.sh: Prepare for userns tests in runc
When runc 1.2.0 is released, it will expose support for userns and therefore the critest suite will run those tests. The thing is, runc needs to be able to traverse the path to mount the rootfs on itself. Let's just mark the paths from the BDIR upwards with +x permissions, so the tests run fine. Containerd already makes sure that the paths below (the ones it creates) have the right permissions and for the right group, etc. I've tested with runc 1.2.0-rc.2 and CI fails without this path, with this patch it works just fine. Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
This commit is contained in:
Rodrigo Campos
parent
1117f663e7
commit
89a2cac377
@ -19,7 +19,26 @@ set -eu -o pipefail
|
|||||||
report_dir=$1
|
report_dir=$1
|
||||||
|
|
||||||
mkdir -p $report_dir
|
mkdir -p $report_dir
|
||||||
|
|
||||||
|
function traverse_path() {
|
||||||
|
local path=$1
|
||||||
|
cd "$path"
|
||||||
|
sudo chmod go+rx "$PWD"
|
||||||
|
|
||||||
|
while [ $PWD != "/" ]; do
|
||||||
|
sudo chmod go+x "$PWD/../"
|
||||||
|
cd ..
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
BDIR="$(mktemp -d -p $PWD)"
|
BDIR="$(mktemp -d -p $PWD)"
|
||||||
|
# runc needs to traverse (+x) the directories in the path to the rootfs. This is important when we
|
||||||
|
# create a user namespace, as the final stage of the runc initialization is not as root on the host.
|
||||||
|
# While containerd creates the directories with the right permissions, the right group (so only the
|
||||||
|
# hostGID has access, etc.), those directories live below $BDIR. So, to make sure runc can traverse
|
||||||
|
# the directories, let's fix the dirs from $BDIR up, as the ones below are managed by containerd
|
||||||
|
# that does the right thing.
|
||||||
|
traverse_path "$BDIR"
|
||||||
|
|
||||||
function cleanup() {
|
function cleanup() {
|
||||||
pkill containerd || true
|
pkill containerd || true
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user