public inbox for passt-dev@passt.top
From: David Gibson <david@gibson.dropbear.id.au>
To: passt-dev@passt.top, Stefano Brivio <sbrivio@redhat.com>
Cc: jarichte@redhat.com, Cleber Rosa <crosa@redhat.com>,
	David Gibson <david@gibson.dropbear.id.au>
Subject: [PATCH v2 10/21] avocado/tasst: Add helpers to run commands with nstool
Date: Tue, 16 May 2023 12:01:24 +1000
Message-ID: <20230516020135.1901256-11-david@gibson.dropbear.id.au>
In-Reply-To: <20230516020135.1901256-1-david@gibson.dropbear.id.au>

Use our existing nstool C helper, add python wrappers to easily run
commands in various namespaces.

Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
---
 Makefile                |   7 +-
 avocado/tasst/nstool.py | 203 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 208 insertions(+), 2 deletions(-)
 create mode 100644 avocado/tasst/nstool.py

diff --git a/Makefile b/Makefile
index fc83cd2..9add0a4 100644
--- a/Makefile
+++ b/Makefile
@@ -298,10 +298,13 @@ cppcheck: $(SRCS) $(HEADERS)
 
 AVOCADO = avocado
 
-avocado-%:
+avocado-assets:
+	$(MAKE) -C test nstool
+
+avocado-%: avocado-assets
 	PYTHONPATH=./avocado $(AVOCADO) run avocado --filter-by-tags=$*
 
-avocado-all:
+avocado-all: avocado-assets
 	PYTHONPATH=./avocado $(AVOCADO) run avocado
 
 # Default avocado tests to run, everything except the "meta" tests
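Review bot: The avocado-assets prerequisite is added to avocado-% and avocado-all only, while the trailing context comment ("Default avocado tests to run, everything except the "meta" tests") shows that another avocado target follows outside this hunk. If that target does not also depend on avocado-assets, a clean tree will run tests that need ./test/nstool before it has been built, so it is worth confirming the default target picks up the prerequisite as well. avocado-assets never produces a file of that name, so it should also be listed in .PHONY if the Makefile keeps such a list.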
diff --git a/avocado/tasst/nstool.py b/avocado/tasst/nstool.py
new file mode 100644
index 0000000..96ed2bd
--- /dev/null
+++ b/avocado/tasst/nstool.py
@@ -0,0 +1,203 @@
+#! /usr/bin/python3
+
+# SPDX-License-Identifier: GPL-2.0-or-later
+#
+# tasst - Test A Simple Socket Transport
+#         library of test helpers for passt & pasta
+#
+# tasst/nstool.py - Run commands in namespaces via 'nstool'
+#
+# Copyright Red Hat
+# Author: David Gibson <david@gibson.dropbear.id.au>
+
+import os
+import sys
+import tempfile
+
+import avocado
+from avocado.utils.process import CmdError
+
+from tasst import Tasst
+from tasst.site import BaseSiteTasst, Site, REAL_HOST
+
+# FIXME: Can this be made more portable?
+UNIX_PATH_MAX = 108
+
+
+class NsToolSite(Site):
+    NST_BIN = './test/nstool'
+
+    def __init__(self, name, sockpath):
+        super().__init__(name)
+
+        if len(sockpath) > UNIX_PATH_MAX:
+            raise ValueError('Unix domain socket path \"{}\" is too long'.format(sockpath))
+        self.sockpath = sockpath
+        self._pid = int(REAL_HOST.output('{} info -wp {}'.format(self.NST_BIN, sockpath), timeout=1))
+        print('NsToolSite: sockpath={} PID={}'.format(sockpath, self.pid()), file=sys.stderr)
+
+    # PID of the nstool hold process as seen by the test host
+    def pid(self):
+        return self._pid
+
+    # PID of the nstool hold process as seen by another site
+    # (important when using PID namespaces)
+    def relative_pid(self, relative_to):
+        cmd = '{} info -p {}'.format(self.NST_BIN, self.sockpath)
+        return int(relative_to.output(cmd))
+
+    def _nst_cmd(self, cmd, sudo=False):
+        nst_args = self.sockpath
+        if sudo:
+            nst_args = '--keep-caps ' + nst_args
+        return '{} exec {} -- {}'.format(self.NST_BIN, nst_args, cmd)
+
+    def output(self, cmd, sudo=False, **kwargs):
+        return REAL_HOST.output(self._nst_cmd(cmd, sudo), **kwargs)
+
+    def fg(self, cmd, sudo=False, **kwargs):
+        return REAL_HOST.fg(self._nst_cmd(cmd, sudo), **kwargs)
+
+    def bg(self, cmd, sudo=False, **kwargs):
+        return REAL_HOST.bg(self._nst_cmd(cmd, sudo), **kwargs)
+
+
+# Create path for temporary nstool Unix socket
+#
+# The obvious choice would be to use Avocado's workdir, but that often
+# gives paths that are too long for Unix sockets
+def temp_sockpath(name):
+    tmpd = tempfile.mkdtemp(suffix=name)
+    return os.path.join(tmpd, 's')
+
+
+class UnshareSite(NsToolSite):
+    def __init__(self, name, unshare_opts, parent=REAL_HOST, sudo=False):
+        sockpath = temp_sockpath(name)
+        parent.require_cmds('unshare', self.NST_BIN)
+        self.parent = parent
+        holdcmd = 'unshare {} -- {} hold {}'.format(unshare_opts, self.NST_BIN, sockpath)
+        self.holder = parent.bg(holdcmd, sudo=sudo)
+        super().__init__(name, sockpath)
+
+    def close(self):
+        try:
+            self.parent.fg('{} stop {}'.format(self.NST_BIN, self.sockpath))
+        except CmdError:
+            pass
+
+        try:
+            self.holder.stop()
+        finally:
+            try:
+                os.remove(self.sockpath)
+            except FileNotFoundError:
+                pass
+
+            os.rmdir(os.path.dirname(self.sockpath))
+            super().close()
+
+
+class IsolatedNetTasst(BaseSiteTasst):
+    """
+    Test a site with isolated network
+
+    :avocado: disable
+    :avocado: tags=meta
+    """
+
+    def subsetup(self, site):
+        Tasst.subsetup(self, IsolatedNetTasst, site)
+        BaseSiteTasst.subsetup(self, site)
+
+    def test_isolated_net(self):
+        site = self.get_subsetup(IsolatedNetTasst)
+        self.assertEquals(site.ifs(), ['lo'])
+
+
+class UserNetNsTasst(IsolatedNetTasst):
+    """
+    Test creating a userns+netns together
+
+    :avocado: tags=meta
+    """
+    def setUp(self):
+        super().setUp()
+        self.ns = UnshareSite(type(self).__name__, '-Ucn')
+        IsolatedNetTasst.subsetup(self, self.ns)
+
+    def tearDown(self):
+        self.ns.close()
+        super().tearDown()
+
+    def test_userns(self):
+        REAL_HOST.require_cmds('capsh')
+        self.ns.require_cmds('capsh')
+        capcmd = 'capsh --has-p=CAP_SETUID'
+        self.assertRaises(CmdError, REAL_HOST.fg, capcmd)
+        self.ns.fg(capcmd, sudo=True)
+
+
+class NestedNsTasst(IsolatedNetTasst):
+    """
+    Test creating userns with a netns nested within
+
+    :avocado: tags=meta
+    """
+    def setUp(self):
+        super().setUp()
+        self.userns = UnshareSite(type(self).__name__ + '.userns', '-Uc')
+        self.netns = UnshareSite(type(self).__name__ + '.netns', '-n',
+                                 parent=self.userns, sudo=True)
+        IsolatedNetTasst.subsetup(self, self.netns)
+
+    def tearDown(self):
+        self.netns.close()
+        self.userns.close()
+        super().tearDown() 
+
+
+class PidNsTasst(IsolatedNetTasst):
+    """
+    Test unsing unshare -p  to create a pidns
+
+    :avocado: tags=meta
+    """
+    def setUp(self):
+        super().setUp()
+        self.pidns = UnshareSite(type(self).__name__, '-Upfn')
+        IsolatedNetTasst.subsetup(self, self.pidns)
+
+    def tearDown(self):
+        self.pidns.close()
+        super().tearDown()
+
+    def test_relative_pid(self):
+        # The holder is init (pid 1) within its own pidns
+        self.assertEquals(self.pidns.relative_pid(self.pidns), 1)
+
+
+class ConnectNsToolTasst(BaseSiteTasst):
+    """
+    Test connecting to a pre-existing nstool
+
+    :avocado: tags=meta
+    """
+    def setUp(self):
+        super().setUp()
+        self.sockpath = temp_sockpath(type(self).__name__)
+        holdcmd = '{} hold {}'.format(NsToolSite.NST_BIN, self.sockpath)
+        self.holder = REAL_HOST.bg(holdcmd)
+        BaseSiteTasst.subsetup(self, NsToolSite("fake ns", self.sockpath))
+
+    def tearDown(self):
+        try:
+            self.holder.stop()
+        finally:
+            try:
+                os.remove(self.sockpath)
+            except FileNotFoundError:
+                pass
+
+            os.rmdir(os.path.dirname(self.sockpath))
+            super().tearDown()
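Review bot: The command strings built in _nst_cmd(), relative_pid(), the 'info -wp' call in NsToolSite.__init__() and holdcmd in UnshareSite.__init__() interpolate sockpath with plain str.format() and no quoting. sockpath comes from tempfile.mkdtemp(suffix=name), so a TMPDIR or site name containing a space or shell metacharacter changes how the command is split before nstool ever sees it. Wrapping the interpolated path in shlex.quote(), or passing an argument list if the Site helpers accept one, would make this robust; unshare_opts and cmd are command fragments by design, which deserves a comment saying callers are responsible for quoting them. Separately, `if len(sockpath) > UNIX_PATH_MAX:` lets a 108-character path through although sun_path must also hold the terminating NUL, and it counts characters rather than encoded bytes; `len(os.fsencode(sockpath)) >= UNIX_PATH_MAX` would match the kernel limit. Smaller points: assertEquals is a deprecated alias of assertEqual, `import avocado` appears unused in this file, the cleanup in ConnectNsToolTasst.tearDown() duplicates UnshareSite.close() and could share a helper, and the PidNsTasst docstring has a typo ("unsing").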
-- 
2.40.1

