App-LXC-Container
qr{^bad MASTER value '10.0.3.47 \(!~ 42\$\)'$re_msg_tail},
'inconsistent network entry in master configuration fails');
# Broken-configuration cases for App::LXC::Container::Run->new and
# App::LXC::Container::run.
# On this page the assertions after a block eval end in $re_msg_tail and
# those after a string eval end in $re_eval; both patterns are defined
# outside this excerpt.
#
# Case 1: the configuration file is created without any content, so there
# is no '#MASTER:' line and the constructor must die reporting '???'.
_remove_file('/lxc/run-test-broken.conf');
_setup_file('/lxc/run-test-broken.conf');
eval {
$_ = App::LXC::Container::Run->new('run-test-broken', '', '');
};
like($@,
qr{^bad MASTER value '\?\?\?'$re_msg_tail},
'empty master configuration fails');
# Case 2: a consistent configuration (MASTER entry 'L42' together with
# the address 10.0.3.42), so that run() proceeds to the external tools.
_remove_file('/lxc/run-test-broken.conf');
_setup_file('/lxc/run-test-broken.conf',
'#MASTER:L42,-,-',
'lxc.rootfs.path=' . CONF_ROOT . '/run-test-broken',
'lxc.net.0.ipv4.address = 10.0.3.42/24');
$ENV{ALC_DEBUG} = 0; # cover branch in App::LXC::Container::run
# A mock lxc-ls that always succeeds is installed and made executable.
# presumably _setup_file/_chmod resolve their path below TMP_PATH, which
# is then put first in PATH - verify against the helper definitions.
_setup_file('/lxc-ls', '#!/bin/sh', 'exit 0'); # lxc-ls runs before nft!
_chmod(0755, '/lxc-ls');
# The tools under test are found through PATH, which is what lets the
# suite substitute mockups for them.
# NOTE(review): this step needs "nft" to be absent from TMP_PATH, /bin and
# /usr/bin; a host with nft in one of them would not hit the failing open.
$ENV{PATH} = TMP_PATH . ':/bin:/usr/bin'; # open will fail
# Both the diagnostic on STDERR and the exception text are checked.
stderr_like
{ eval "App::LXC::Container::run('run-test-broken');"; }
qr{^.*"nft": [^:]+App/LXC/Container/Run\.pm line \d+\.$},
'1st (mocked) nft list for local network fails with correct output';
like($@,
qr{^error running 'nft list ruleset inet' [^:]+: 0$re_eval},
'1st (mocked) nft list for local network fails with correct message');
# Second attempt with $test_path (defined outside this excerpt), where
# the command can be started but reports failure.
# presumably 256 is the raw wait status of a mockup exiting with 1 - confirm.
$ENV{ALC_DEBUG} = 'x';
$ENV{PATH} = $test_path; # close will fail
eval { App::LXC::Container::run('run-test-broken'); };
like($@,
qr{^error running 'nft list ruleset inet' [^:]+: 256$re_msg_tail},
'2nd (mocked) nft list for local network fails');
# Remove the debug setting so it does not influence the following tests.
delete $ENV{ALC_DEBUG};
#########################################################################
# tests with 1st (simple) valid configuration:
# MASTER entry 'N,-,-': the expectations below show network type 'N',
# network 0 and '-' for both x11 and audio.
# The lxc.idmap lines (container id, host id, range) keep uid/gid 0 and 1
# identical to the host's and shift ids from 2 upwards to 100002, i.e. in
# this fixture the container's root is mapped onto the host's root.
_setup_dir('/lxc/run-test-1');
_remove_file('/lxc/run-test-1.conf');
_setup_file('/lxc/run-test-1.conf',
'#MASTER:N,-,-',
'lxc.rootfs.path=' . CONF_ROOT . '/run-test-1',
'lxc.idmap = u 0 0 1',
'lxc.idmap = u 1 1 1',
'lxc.idmap = u 2 100002 65534',
'lxc.idmap = g 0 0 1',
'lxc.idmap = g 1 1 1',
'lxc.idmap = g 2 100002 65534',
'lxc.mount.entry = tmpfs dev/shm tmpfs create=dir,rw 0 0',
'lxc.mount.entry = /tmp tmp none create=dir,rw,bind 0 0',
'');
# Constructor arguments as reflected in the expected attributes below:
# container name, user, directory, then the command and its arguments.
$_ = App::LXC::Container::Run->new('run-test-1', 'root', '/', 'do', 'it');
# Only the bind mount of /tmp is expected in 'mounts'; the tmpfs entry is
# not.  uids/gids are expected to hold just 1 here.
# presumably these list the identity-mapped ids other than 0 - confirm
# against Run.pm.
check_config_object($_,
'valid configuration 1',
[[audio => '-'],
[command => ['do', 'it']],
[dir => '/'],
[gateway => '^$'],
[gids => [1]],
[init => CONF_ROOT . '/run-test-1/lxc-run.sh'],
[ip => '^$'],
[mounts => {'/tmp' => 1}],
[name => 'run-test-1'],
[network => 0],
[network_type => 'N'],
[rc => LXC_LINK . '/run-test-1.conf'],
[root => CONF_ROOT . '/run-test-1'],
[running => 0],
[uids => [1]],
[user => 'root'],
[x11 => '-']]);
# using container to test some _check_running errors:
# With an empty PATH lxc-ls cannot be found at all; STDERR and the
# exception text are both checked.
$ENV{PATH} = ''; # sub-program will fail
stderr_like
{ eval '$_->_check_running();'; }
qr{^.*"lxc-ls": [^:]+App/LXC/Container/Run\.pm line \d+\.$},
'failing lxc-ls has correct output';
like($@,
qr{^call to 'lxc-ls' failed: 256$re_eval},
'lxc-ls fails with empty PATH');
# With $test_path restored the same call is made twice more with
# different expected results (failure with 512, then success).
# presumably the lxc-ls mockup changes its behaviour per invocation; that
# is not visible on this page, so the order of these calls must be kept.
$ENV{PATH} = $test_path; # back to normal
eval { $_->_check_running(); };
like($@,
qr{^call to 'lxc-ls' failed: 512$re_msg_tail},
'lxc-ls fails in 2nd mockup');
# A failed check must leave the 'running' attribute untouched.
is($_->{running}, 0, 'failed test did not affect running flag');
$_->_check_running();
is($_->{running}, 1, '3rd mockup of lxc-ls correctly set running flag');
#########################################################################
# using (modified!) container to test local network restrictions:
# The object from the previous section is reused and its 'ip' attribute is
# overwritten directly; the value carries regex-style backslashes.
# NOTE(review): confirm that _local_net expects the address in this
# escaped form rather than as a plain dotted quad.
$_->{ip} = '10\.0\.3\.234';
# output_like checks STDOUT against the first pattern and STDERR against
# the second.  The five identical calls expect different results, so
# presumably the nft mockup changes its behaviour per invocation (not
# visible on this page); the order of the calls must be kept.
output_like # 1 - not yet restricted
{ $_->_local_net(); }
qr{^$},
qr{^$},
'1st test with mocked local net OK';
output_like # 2 - everything has been already set-up
{ $_->_local_net(); }
qr{^$},
qr{^$},
'2nd test with mocked local net OK';
# Calls 3 to 5 run inside a string eval; only the mockup's message on
# STDERR is asserted for them.
# NOTE(review): $@ is not checked for these three calls, so a failure of
# the nft step that no longer raises an exception would go unnoticed.
output_like # 3 - 1st add fails
{ eval '$_->_local_net();'; }
qr{^$},
qr{^nft: add chain inet lxc localfilter: mockup failed$},
'3rd test with mocked local net OK';
output_like # 4 - insert fails
{ eval '$_->_local_net();'; }
qr{^$},
qr{^nft: insert rule inet lxc forward jump localfilter: mockup failed$},
'4th test with mocked local net OK';
output_like # 5 - 2nd add fails
{ eval '$_->_local_net();'; }
qr{^$},
qr{^nft: add rule inet lxc localfilter ip saddr .+ reject: mockup failed$},
'5th test with mocked local net OK';
("run-test-1", "root", "/", "command");
$_->{running} = 1;
$_->_run();');
# $_ holds the output captured by the preceding _sub_perl call and
# $re_output the expected text; both are set above this excerpt.
like($_, qr{^$re_output$}, 'lxc-attach fails with empty PATH');
$ENV{PATH} = $test_path; # back to normal
# _sub_perl is given Perl source as a string and its result is matched as
# text; the 'at -e line' in the pattern further down suggests the snippet
# runs via perl -e in a child process - confirm in the helper.
# Without the running flag set the test description names lxc-execute.
$_ = _sub_perl('use App::LXC::Container;
$_ = App::LXC::Container::Run->new
("run-test-1", "root", "/", "command");
$_->_run();');
like($_, qr{^using 'PoorTerm' as UI$},
'_run in 1st mockup test (lxc-execute) seems correct');
# With running forced to 1 the test description names lxc-attach.
$_ = _sub_perl('use App::LXC::Container;
$_ = App::LXC::Container::Run->new
("run-test-1", "root", "/", "command");
$_->{running} = 1;
$_->_run();');
like($_, qr{^using 'PoorTerm' as UI$},
'_run in 2nd mockup test (lxc-attach) seems correct');
# Failure case: a left-over .Xauthority sits in a directory that is made
# read-only (0555), so _run cannot remove it and must report that.
# NOTE(review): a permission-based failure like this does not occur when
# the suite runs as root - confirm the suite guards against that.
_setup_dir('/lxc/run-test-1/.xauth-dir');
_setup_file('/lxc/run-test-1/.xauth-dir/.Xauthority', 42);
_chmod(0555, '/lxc/run-test-1/.xauth-dir');
$_ = _sub_perl('use App::LXC::Container;
$_ = App::LXC::Container::Run->new
("run-test-1", "root", "/", "command");
$_->_run();');
# Expected output: the UI line followed by the removal error.
$re_output =
"using 'PoorTerm' as UI\n" .
"can't remove .+tmp/lxc/run-test-1/.xauth-dir/.Xauthority': " .
'Permission denied at -e line \d\.';
like($_, qr{^$re_output$},
'_run in 3rd mockup test (lxc-execute protected .Xauthority) fails correct');
# Clean-up: make the directory writable again before deleting the
# fixture file and the directory.
_chmod(0755, '/lxc/run-test-1/.xauth-dir');
_remove_file('/lxc/run-test-1/.xauth-dir/.Xauthority');
_remove_dir('/lxc/run-test-1/.xauth-dir');
#########################################################################
# tests with 2nd valid configuration:
# MASTER entry 'G42,X,A': the expectations below show network type 'G',
# network 42, x11 'X' and audio 'A'.
# Both idmap lines shift the whole range 0..65535 to 100000 and above, so
# no container id (root included) coincides with a host id in that range;
# the expected uids/gids lists are empty for this configuration.
_setup_dir('/lxc/run-test-2');
_remove_file('/lxc/run-test-2.conf');
_setup_file('/lxc/run-test-2.conf',
'#MASTER:G42,X,A',
'lxc.rootfs.path=' . CONF_ROOT . '/run-test-2',
'lxc.net.0.ipv4.address = 10.0.3.42/24',
'lxc.idmap = u 0 100000 65536',
'lxc.idmap = g 0 100000 65536',
'lxc.mount.entry = tmpfs dev/shm tmpfs create=dir,rw 0 0',
'lxc.mount.entry = /tmp tmp none create=dir,rw,bind 0 0',
'');
# An etc directory is created inside the container root before the
# object is built.
# presumably it is needed for the resolv.conf line of the startup script
# checked later in this file - confirm.
_setup_dir('/lxc/run-test-2/etc');
$_ = App::LXC::Container::Run->new('run-test-2', 'root', '/', 'do', 'it');
# ip is expected to be the configured 10.0.3.42 and the gateway 10.0.3.1
# on the same network.
check_config_object($_,
'valid configuration 2',
[[audio => 'A'],
[command => ['do', 'it']],
[dir => '/'],
[gateway => '^10\.0\.3\.1$'],
[gids => []],
[init => CONF_ROOT . '/run-test-2/lxc-run.sh'],
[ip => '^10\.0\.3\.42$'],
[mounts => {'/tmp' => 1}],
[name => 'run-test-2'],
[network => 42],
[network_type => 'G'],
[rc => LXC_LINK . '/run-test-2.conf'],
[root => CONF_ROOT . '/run-test-2'],
[running => 0],
[uids => []],
[user => 'root'],
[x11 => 'X']]);
#########################################################################
# check writing of startup script for 2nd configuration:
# Fixture: start without an old startup script and with a fresh
# .Xauthority in the mocked home directory, then copy the prepared mockup
# cookie file over it.
_remove_file('/lxc/run-test-2/lxc-run.sh');
_remove_file('/home/.Xauthority');
_setup_file('/home/.Xauthority');
_chmod(0600, '/home/.Xauthority');
# NOTE(review): "cp -a" preserves the source file's mode, so the 0600 set
# just above may be replaced by whatever mode the mockup file has.
# NOTE(review): after system() the child's exit status is in $?, while $!
# is only meaningful when the command could not be started; the message
# below also has an unbalanced quote.
system('cp', '-a',
T_PATH . '/mockup-files/.Xauthority',
HOME_PATH . '/.Xauthority') == 0
or die "can't cp mockup '.Xauthority: $!\n";
# X11 environment that the code under test reads for the 'X' setting.
$ENV{DISPLAY} = ':0';
$ENV{XAUTHORITY} = HOME_PATH . '/.Xauthority';
_remove_file('/lxc/run-test-2/.xauth-root/.Xauthority');
# NOTE(review): this call prefixes TMP_PATH, while the other helper calls
# on this page pass the bare path - confirm which form _remove_dir expects.
_remove_dir(TMP_PATH . '/lxc/run-test-2/.xauth-root');
# Attempt 1: the container root is read-only, so the .xauth directory
# cannot be created.
# NOTE(review): permission-based failures do not occur when the suite
# runs as root - confirm the suite guards against that.
_chmod(0555, '/lxc/run-test-2');
eval '$_->_write_init_sh();'; # 1 - creating .xauth directory fails
like($@,
qr{^can't create .+/lxc/run-test-2/.xauth-root': Permission denied$re_eval},
'failing write-access for .xauth directory has correct output');
# Attempts 2 to 4 repeat the same call with the directory writable again
# and expect different results.
# presumably the xauth mockup changes its behaviour per invocation (not
# visible on this page), so the order of these calls must be kept.
_chmod(0755, '/lxc/run-test-2');
eval '$_->_write_init_sh();'; # 2 - "empty original" .Xauthority fails
like($@,
qr{^call to 'xauth list' failed: no :0$re_eval},
'missing .Xauthority entry fails correctly');
eval '$_->_write_init_sh();'; # 3 - writing .Xauthority fails
like($@,
qr{^call to 'xauth -b -f [^']+/\.Xauthority add [^']+' failed: \d+$re_eval},
'failing write-access for .Xauthority has correct output');
eval '$_->_write_init_sh();'; # 4 - run without error (D+XA)
is($@, '', 'creating startup script with full X11 access run without problems');
# The generated script is checked against one pattern per expected line:
# display and cookie location inside the container, the audio server
# pointing at the gateway, DNS and default route via the gateway, and the
# final exec of the command with each argument in single quotes.
# The cookie written to .xauth-root is what lets the container's
# processes use the host's display, so 'X' is a deliberate trust decision.
# NOTE(review): only the plain arguments 'do' and 'it' are covered; a case
# whose argument contains a quote or whitespace would pin down the
# quoting of the exec line.
check_config_file(TMP_PATH . '/lxc/run-test-2/lxc-run.sh',
{DISPLAY => 'export DISPLAY=:0',
PULSE => 'export PULSE_SERVER=10\.0\.3\.1',
XAUTHORITY => 'export XAUTHORITY=/\.xauth-root/\.Xauthority',
cd => 'cd "/"',
dns => 'echo "nameserver \$gateway" >/etc/resolv\.conf',
exec => "exec 'do' 'it'",
gateway => 'gateway=10\.0\.3\.1',
route => 'ip route add default via "\$gateway"',
shebang => '#!/bin/sh'});
ok(-f TMP_PATH . '/lxc/run-test-2/.xauth-root/.Xauthority',