diff --git a/scripts/ci/prepare-for-fedora-rawhide.sh b/scripts/ci/prepare-for-fedora-rawhide.sh index e31814a955..d812c5faa5 100755 --- a/scripts/ci/prepare-for-fedora-rawhide.sh +++ b/scripts/ci/prepare-for-fedora-rawhide.sh @@ -18,6 +18,7 @@ dnf install -y \ libnet-devel \ libnl3-devel \ libbsd-devel \ + libselinux-utils \ make \ procps-ng \ protobuf-c-devel \ diff --git a/scripts/ci/run-ci-tests.sh b/scripts/ci/run-ci-tests.sh index e05ead6683..dce102346d 100755 --- a/scripts/ci/run-ci-tests.sh +++ b/scripts/ci/run-ci-tests.sh @@ -1,6 +1,9 @@ #!/bin/bash set -x -e +uname -a +cat /proc/self/mountinfo + CI_PKGS=(protobuf-c-compiler libprotobuf-c-dev libaio-dev libgnutls28-dev libgnutls30 libprotobuf-dev protobuf-compiler libcap-dev libnl-3-dev gdb bash libnet-dev util-linux asciidoctor @@ -134,10 +137,6 @@ if [ "$WIDTH" -gt 80 ]; then exit 1 fi -# Unit tests at this point do not require any kernel or hardware capabilities. -# Just try to run it everywhere for now. -time make unittest - [ -n "$SKIP_CI_TEST" ] && exit 0 # Umount cpuset in cgroupv1 to make it move to cgroupv2 @@ -213,12 +212,8 @@ if [ "${STREAM_TEST}" = "1" ]; then exit 0 fi -./test/zdtm.py run -a -p 2 --keep-going "${ZDTM_OPTS[@]}" -if criu/criu check --feature move_mount_set_group; then - ./test/zdtm.py run -a -p 2 --mntns-compat-mode --keep-going "${ZDTM_OPTS[@]}" -fi - -./test/zdtm.py run -a -p 2 --keep-going --criu-config "${ZDTM_OPTS[@]}" +make -j 4 -C test/zdtm/ +./test/zdtm.py run -t zdtm/static/env00 # Newer kernels are blocking access to userfaultfd: # uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability @@ -231,61 +226,6 @@ LAZY_EXCLUDE=(-x maps04 -x cmdlinenv00 -x maps007) LAZY_TESTS='.*(maps0|uffd-events|lazy-thp|futex|fork).*' LAZY_OPTS=(-p 2 -T "$LAZY_TESTS" "${LAZY_EXCLUDE[@]}" "${ZDTM_OPTS[@]}") -./test/zdtm.py run "${LAZY_OPTS[@]}" --lazy-pages -./test/zdtm.py run "${LAZY_OPTS[@]}" --remote-lazy-pages -./test/zdtm.py run "${LAZY_OPTS[@]}" --remote-lazy-pages --tls - -bash -x ./test/jenkins/criu-fault.sh -if [ "$UNAME_M" == "x86_64" ]; then - # This fails on aarch64 (aws-graviton2) with: - # 33: ERR: thread-bomb.c:49: pthread_attr_setstacksize(): 22 - bash -x ./test/jenkins/criu-fcg.sh -fi -bash -x ./test/jenkins/criu-inhfd.sh - -if [ -z "$SKIP_EXT_DEV_TEST" ]; then - make -C test/others/mnt-ext-dev/ run - if criu/criu check --feature move_mount_set_group; then - EXTRA_OPTS=--mntns-compat-mode make -C test/others/mnt-ext-dev/ run - fi -fi - -make -C test/others/make/ run CC="$CC" -if [ -n "$TRAVIS" ] || [ -n "$CIRCLECI" ]; then - # GitHub Actions (and Cirrus CI) does not provide a real TTY and CRIU will fail with: - # Error (criu/tty.c:1014): tty: Don't have tty to inherit session from, aborting - make -C test/others/shell-job/ run -fi -make -C test/others/criu-ns/ run -make -C test/others/skip-file-rwx-check/ run -make -C test/others/rpc/ run - -./test/zdtm.py run -t zdtm/static/env00 --sibling - -./test/zdtm.py run -t zdtm/transition/maps007 --pre 2 --dedup -./test/zdtm.py run -t zdtm/transition/maps007 --pre 2 --noauto-dedup -./test/zdtm.py run -t zdtm/transition/maps007 --pre 2 --page-server -./test/zdtm.py run -t zdtm/transition/maps007 --pre 2 --page-server --dedup -./test/zdtm.py run -t zdtm/transition/maps007 --pre 2 --pre-dump-mode read - -./test/zdtm.py run -t zdtm/transition/pid_reuse --pre 2 # start time based pid reuse detection -./test/zdtm.py run -t zdtm/transition/pidfd_store_sk --rpc --pre 2 # pidfd based pid reuse detection - -./test/zdtm.py run -t zdtm/static/socket-tcp-local --norst - -ip net add test -./test/zdtm.py run -t zdtm/static/env00 -f h --join-ns - -# RPC testing -./test/zdtm.py run -t zdtm/static/env00 --rpc # Basic -./test/zdtm.py run -t zdtm/static/env00 --rpc --pre 2 --page-server -./test/zdtm.py run -t zdtm/static/ptrace_sig -f h --rpc # Error handling (crfail test) - -./test/zdtm.py run --empty-ns -T zdtm/static/socket-tcp*-local --iter 2 - -./test/zdtm.py run -t zdtm/static/env00 -t zdtm/transition/fork -t zdtm/static/ghost_holes00 -t zdtm/static/socket-tcp -t zdtm/static/msgque -k always -./test/crit-recode.py - # Rootless tests # Check if cap_checkpoint_restore is supported and also if unshare -c is supported. if capsh --supports=cap_checkpoint_restore && unshare -c /bin/true; then @@ -295,14 +235,14 @@ if capsh --supports=cap_checkpoint_restore && unshare -c /bin/true; then if [ -d /sys/fs/selinux ]; then # Note: selinux in Enforcing mode prevents us from calling clone3() or writing to ns_last_pid on restore; hence set to Permissive for the test and then set back. selinuxmode=$(getenforce) - setenforce Permissive + setenforce Permissive || true fi # Run it as non-root in a user namespace. Since CAP_CHECKPOINT_RESTORE behaves differently in non-user namespaces (e.g. no access to map_files) this tests that we can dump and restore # under those conditions. Note that the "... && true" part is necessary; we need at least one statement after the tests so that bash can reap zombies in the user namespace, # otherwise it will exec the last statement and get replaced and nobody will be left to reap our zombies. sudo --user=#65534 --group=#65534 unshare -Ucfpm --mount-proc -- bash -c "./test/zdtm.py run -t zdtm/static/maps00 -f h --rootless && true" if [ -d /sys/fs/selinux ]; then - setenforce "$selinuxmode" + setenforce "$selinuxmode" || true fi setcap -r criu/criu else diff --git a/scripts/ci/vagrant.sh b/scripts/ci/vagrant.sh index c0c8e88c1d..ace10c77e3 100755 --- a/scripts/ci/vagrant.sh +++ b/scripts/ci/vagrant.sh @@ -57,11 +57,13 @@ fedora-no-vdso() { } fedora-rawhide() { + ssh default sudo grubby --update-kernel ALL --args="selinux=0" # The 6.2 kernel of Fedora 38 in combination with rawhide userspace breaks # zdtm/static/socket-tcp-nfconntrack. To activate the new kernel previously # installed this reboots the VM. vagrant reload ssh default uname -a + ssh default dmesg # # Workaround the problem: # error running container: error from /usr/bin/crun creating container for [...]: sd-bus call: Transport endpoint is not connected