Helper functions

[simondeziel]

The helper functions are moved to a single script snippet (bin/helpers) that is inserted along with the LXD snap channel to for a given test. This should make it easy to reuse when we add a different runner (lxd-run) alongside of bin/openstack-run.

The tests/main.sh metascript contains what was successfully tested on PS6. So ATM, the few tests we have are all passing on latest/edge and 5.0/edge. The bits that are not working on 5.0/edge as skipped thanks to API extension detection, same for minimum kernel requirements.

Note: the tests/interception doesn't work on 5.0/edge but I'm wondering if that's because I'm using the wrong extensions to gate the mount tests?

$ ./bin/openstack-run jammy default tests/interception "5.0/edge"
...
+ hasNeededAPIExtension container_syscall_intercept_mount
+ needed_extension=container_syscall_intercept_mount
+ lxc info
+ sed -ne /^api_extensions:/,/^[^-]/ s/^- //p
+ grep -qxF container_syscall_intercept_mount
+ truncate -s 10G loop.img
+ losetup -f --show loop.img
+ LOOP=/dev/loop3
+ lxc config device add c1 loop unix-block source=/dev/loop3 path=/dev/sda
Device loop added to c1
+ lxc exec c1 -- mkfs.ext4 /dev/sda
mke2fs 1.46.5 (30-Dec-2021)
Discarding device blocks: done                            
Creating filesystem with 2621440 4k blocks and 655360 inodes
Filesystem UUID: 44114f3b-50ae-47fe-996c-73a39dfca1cf
Superblock backups stored on blocks: 
	32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632

Allocating group tables: done                            
Writing inode tables: done                            
Creating journal (16384 blocks): done
Writing superblocks and filesystem accounting information: done 

+ lxc exec c1 -- mount /dev/sda /mnt
mount: /mnt: permission denied.
+ lxc config set c1 security.syscalls.intercept.mount=true
+ lxc config set c1 security.syscalls.intercept.mount.allowed=ext4
+ lxc restart c1 -f
+ lxc exec c1 -- mount /dev/sda /mnt
+ lxc exec c1 -- stat --format=%u:%g /mnt
+ [ 65534:65534 = 65534:65534 ]
+ lxc exec c1 -- umount /mnt
+ lxc config set c1 security.syscalls.intercept.mount.shift=true
+ lxc exec c1 -- mount /dev/sda /mnt
+ lxc exec c1 -- stat --format=%u:%g /mnt

Test failed
+ [ 65534:65534 = 0:0 ]
+ cleanup
+ echo 
+ [ 1 = 1 ]
+ echo Test failed
+ exit 1
+ cleanup
+ set +e
+ openstack server delete lxd-ci-interception-jammy-2068155
+ rm -f /tmp/tmp.tJSPltpYcJ
+ [ 1 = 0 ]
+ echo 

+ echo ==> Test failed (interception)
==> Test failed (interception)
+ exit 1

[tomponline]

LGTM thanks!