From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: passt.top; dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=MsXSDrbt; dkim-atps=neutral Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by passt.top (Postfix) with ESMTPS id A39E25A026F for ; Wed, 24 Sep 2025 06:02:48 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1758686567; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=4pFtdX3CAzFJk7GWM2rvFPMM64rGSMvokYeHPF8aK8g=; b=MsXSDrbtyaNeA0njKmNuFxkpLuUfHvZJMGqR49OTcng49dqJ0P81METfZ3zRW3DqB5Verc Z39o58kYpydnHTyfBUEzhjPdcGvV81V0PDzLePWMZla2VMMP5H8J71Uuc8zcL6DNl8TKaV WO8nuWzLhvSmkUl9icuP0kNaprG6Cyw= Received: from mail-ed1-f70.google.com (mail-ed1-f70.google.com [209.85.208.70]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-491-zEn_eq39Mle6Zd-u5gLzXQ-1; Wed, 24 Sep 2025 00:02:42 -0400 X-MC-Unique: zEn_eq39Mle6Zd-u5gLzXQ-1 X-Mimecast-MFC-AGG-ID: zEn_eq39Mle6Zd-u5gLzXQ_1758686562 Received: by mail-ed1-f70.google.com with SMTP id 4fb4d7f45d1cf-61d31626b01so6397841a12.0 for ; Tue, 23 Sep 2025 21:02:42 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1758686561; x=1759291361; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=4pFtdX3CAzFJk7GWM2rvFPMM64rGSMvokYeHPF8aK8g=; b=ID/DMwvw95AnEM/zXBIQK10w4ygaiBrBR2tirpUYVannvDzhHzrZoM1cMve2MwLwyg u5v2InQxaSXRUGguTFKNNuzuQ7oLNfYHm2ipIJBpbMBKb5uZyxwpS/m16f0UKslFoRWI EKCqrqhqcLOrPlZHnzW6E596jksrfrNx8Sp9rayUY0XOIDQS69YM8SaVOKUb/5TXYvn5 r4rBBW40HGECYtv52LLOSo8KKrs1ddOwCcSIvrI8I2jcKhc/3fLhAiyRyzsj2i/klN8Q /WUkqEfD5ptFREHjrCBmRmeTydW4UP6Sd9qleoy1dA+H/SYC6EHcgI0teFw97lYzl3QU 2i7A== X-Forwarded-Encrypted: i=1; AJvYcCXiNBS0eQaPbztFANbHVYMbwaApJ8Ctkpl/lFw46GdF8KTG32oAkVm/4+pFg5yqNcFO4NN/Mrt8vEE=@passt.top X-Gm-Message-State: AOJu0YxdV0t0Bjc3z29aJkY0Ap9tGrFy/yVugAIqT3AG+EQhZF4Votr2 7IEfaIP7bCQ9RD2hFOlyFhaFvUIz0LyxYjBNbTSKBWfMZzSLTFvSFREOSrrMevAsgcj8SfheZzr Pq/1CS621ktCB2sjUelRM/XZFGxBMDuGE7Gd1+Wg7zfOJM4Ls8dHqtVp13azrIZ+gB1ghvh8QJJ W1h1mPsGaWpSJ+zI/l7fwm77bl7JYAy15WF0wh1AQ= X-Gm-Gg: ASbGncvbdj75RyaFFSPHfbClA5lwWxxYigLdKA8amYZGVkJ1TgwkW6VpzexYOAsjA/L XwT/DTn9l3jtfYLpZAsTtw7ojT7rw1wYQk+JbuNEjgATyWnhn84np/FKAai0ggfh346l+OdnBB3 okYQrsJUtZs6axbaUzZzkJnQ== X-Received: by 2002:a05:6402:1d54:b0:634:5791:605f with SMTP id 4fb4d7f45d1cf-63467678be1mr4323774a12.4.1758686561318; Tue, 23 Sep 2025 21:02:41 -0700 (PDT) X-Google-Smtp-Source: AGHT+IGqaUZTo3jNQsyi6RX2F9MpFSWeStf7fuEDM4fVRe7IDpypalnkO5MaT75m/OfqtIdHPjcYRxdHie72MBYfRhQ= X-Received: by 2002:a05:6402:1d54:b0:634:5791:605f with SMTP id 4fb4d7f45d1cf-63467678be1mr4323747a12.4.1758686560761; Tue, 23 Sep 2025 21:02:40 -0700 (PDT) MIME-Version: 1.0 References: <20250919014329.6007-1-yuhuang@redhat.com> <20250919115822.4e3aab21@elisabeth> <20250922220338.49013fce@elisabeth> <20250923123213.61ddd9d5@elisabeth> In-Reply-To: From: Yumei Huang Date: Wed, 24 Sep 2025 12:02:29 +0800 X-Gm-Features: AS18NWDnlIoah-4YDsL655855sTPBIJ_Ammr5JQBCbEEOEwd5y8bkfzLxVq_WEk Message-ID: Subject: Re: [PATCH] test: Update README.md To: David Gibson X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: sll9ohCeKs1O_S19x7Td_zdcMWTF6AQPbUa_3NdAUHI_1758686562 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Message-ID-Hash: K3TYWDQNB5BYP6ONBKEPXRWPPQNNLBOD X-Message-ID-Hash: K3TYWDQNB5BYP6ONBKEPXRWPPQNNLBOD X-MailFrom: yuhuang@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: Stefano Brivio , passt-dev@passt.top X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: On Wed, Sep 24, 2025 at 11:44=E2=80=AFAM David Gibson wrote: > > On Wed, Sep 24, 2025 at 09:58:57AM +0800, Yumei Huang wrote: > > On Tue, Sep 23, 2025 at 6:32=E2=80=AFPM Stefano Brivio wrote: > > > > > > On Tue, 23 Sep 2025 14:36:41 +0800 > > > Yumei Huang wrote: > > > > > > > On Tue, Sep 23, 2025 at 4:03=E2=80=AFAM Stefano Brivio wrote: > > > > > > > > > > On Mon, 22 Sep 2025 11:03:23 +0800 > > > > > Yumei Huang wrote: > > > > > > > > > > > On Fri, Sep 19, 2025 at 5:58=E2=80=AFPM Stefano Brivio wrote: > > > > > > > > > > > > > > On Fri, 19 Sep 2025 09:43:29 +0800 > > > > > > > Yumei Huang wrote: > > > > > > > > > > > > > > > Signed-off-by: Yumei Huang > > > > > > > > --- > > > > > > > > test/README.md | 31 +++++++++++++++++++++++++++++-- > > > > > > > > 1 file changed, 29 insertions(+), 2 deletions(-) > > > > > > > > > > > > > > > > diff --git a/test/README.md b/test/README.md > > > > > > > > index 91ca603..e3e9d37 100644 > > > > > > > > --- a/test/README.md > > > > > > > > +++ b/test/README.md > > > > > > > > @@ -32,7 +32,7 @@ Example for Debian, and possibly most Deb= ian-based distributions: > > > > > > > > git go iperf3 isc-dhcp-common jq libgpgme-dev libsecco= mp-dev linux-cpupower > > > > > > > > lm-sensors lz4 netavark netcat-openbsd psmisc qemu-efi= -aarch64 > > > > > > > > qemu-system-arm qemu-system-misc qemu-system-ppc qemu-= system-x86 > > > > > > > > - qemu-system-x86 sipcalc socat strace tmux uidmap valgr= ind > > > > > > > > + sipcalc socat strace tmux uidmap valgrind > > > > > > > > > > > > > > > > NOTE: the tests need a qemu version >=3D 7.2, or one that = contains commit > > > > > > > > 13c6be96618c ("net: stream: add unix socket"): this change= introduces support > > > > > > > > @@ -81,7 +81,12 @@ The following additional packages are co= mmonly needed: > > > > > > > > > > > > > > > > ## Regular test > > > > > > > > > > > > > > > > -Just issue: > > > > > > > > +Before running the tests, you need to prepare the required= assets: > > > > > > > > + > > > > > > > > + cd test > > > > > > > > + make assets > > > > > > > > + > > > > > > > > +Then issue: > > > > > > > > > > > > > > > > ./run > > > > > > > > > > > > > > > > @@ -91,6 +96,28 @@ variable settings: DEBUG=3D1 enables deb= ugging messages, TRACE=3D1 enables tracing > > > > > > > > > > > > > > > > PCAP=3D1 TRACE=3D1 ./run > > > > > > > > > > > > > > > > +**Note:** > > > > > > > > + > > > > > > > > +* It's recommended to run the commands as a non-root user. > > > > > > > > + Due to [Bug 967509](https://bugzilla.redhat.com/show_bug= .cgi?id=3D967509), > > > > > > > > + if you switch users with `su` or `sudo`, the directory `= /run/user/ID` may > > > > > > > > + not be created. In that case, `XDG_RUNTIME_DIR` will inc= orrectly point to > > > > > > > > + `/run/user/0` instead of `/run/user/ID`, which can cause= error. > > > > > > > > > > > > > > Thanks for the research, I wasn't aware of that, and recently= spent > > > > > > > quite some time figuring that out (for other reasons): > > > > > > > > > > > > > > https://issues.redhat.com/browse/RHEL-70222 > > > > > > > > > > > > > > in that case, XDG_RUNTIME_DIR was simply not set. Things were= working > > > > > > > with 'machinectl shell' instead. > > > > > > > > > > > > > > At the same time: running this whole stuff as root sounds rat= her crazy, > > > > > > > unless it's a throw-away VMs with absolutely nothing importan= t on it. > > > > > > > > > > > > > > That is, regardless of the issue with XDG_RUNTIME_DIR. I woul= d maybe > > > > > > > make the wording stronger, something like: > > > > > > > > > > > > > > * Don't run the tests as root, it's not needed! > > > > > > > * If you really need to, note that ... > > > > > > > > > > > > > > > + **Workaround:** Log out and log back in as the intended = user to ensure the > > > > > > > > + correct runtime directory is set up. > > > > > > > > > > > > > > We could also suggest 'machinectl shell' if it's really neede= d for > > > > > > > whatever reason. > > > > > > > > > > > > I'm not sure how 'machinectl shell' works here. The error happe= ns when > > > > > > running 'make assets', > > > > > > which calls 'prepare-distro-img.sh' script, which calls 'virsh = edit'. > > > > > > > > > > Ah, I didn't know! So this is actually similar to > > > > > https://issues.redhat.com/browse/RHEL-70222. > > > > > > > > > > > If we run 'make assets' with root, the error is like this: > > > > > > > > > > > > ./prepare-distro-img.sh prepared-debian-8.11.0-openstack-amd64.= qcow2 > > > > > > libguestfs: error: could not create appliance through libvirt. > > > > > > Original error from libvirt: Cannot access storage file > > > > > > '/home/test/passt/test/prepared-debian-8.11.0-openstack-amd64.q= cow2' > > > > > > (as uid:107, gid:107): Permission denied [code=3D38 int1=3D13] > > > > > > > > > > > > If we switch to a non-root user via 'su', the error is like thi= s: > > > > > > > > > > > > ./prepare-distro-img.sh prepared-debian-8.11.0-openstack-amd64.= qcow2 > > > > > > libvirt: XML-RPC error : Cannot create user runtime directory > > > > > > '/run/user/0/libvirt': Permission denied > > > > > > libguestfs: error: could not connect to libvirt (URI =3D > > > > > > qemu:///session): Cannot create user runtime directory > > > > > > '/run/user/0/libvirt': Permission denied [code=3D38 int1=3D13] > > > > > > make: *** [Makefile:115: prepared-debian-8.11.0-openstack-amd64= .qcow2] Error 1 > > > > > > > > > > > > Do you mean to run 'make assets' with 'machinectl shell'? What'= s the > > > > > > exact cmd here? I tried this, seems not work. > > > > > > > > > > > > # machinectl shell --uid=3D$(id -u pat) .host > > > > > > /home/test/passt/test/make assets > > > > > > Connected to the local host. Press ^] three times within 1s= to exit session. > > > > > > > > > > > > Connection to the local host terminated. > > > > > > > > > > No, I mean using 'machinectl shell' instead of 'su' (it's intende= d as a > > > > > replacement), that is: > > > > > > > > > > $ machinectl shell > > > > > # make assets > > > > > > > > > > ...because that one will set XDG_RUNTIME_DIR. > > > > > > > > Yes, 'machinectl shell' will solve the issue when switching to a > > > > non-root user via su. But it doesn't solve the issue when running > > > > 'make assets' as root. They are actually different issues as above. > > > > > > Can one need specify a XDG_RUNTIME_DIR that actually exists, maybe? > > > Does that work? > > > > I guess I need to clarify the issues more clearly. > > > > a) If we login the system with the non-root user, `/run/user/ID` is > > created and XDG_RUNTIME_DIR is pointing to that correctly. So 'make > > assets' works well. > > > > b) If we login the system with root, then switch to a non-root user > > via 'su', 'make assets' fails due to Bug 967509. XDG_RUNTIME_DIR is > > not reset and points to /run/user/(ID of the previous user), which is > > /run/user/0. > > > > libguestfs: error: could not connect to libvirt (URI =3D > > qemu:///session): Cannot create user runtime directory > > '/run/user/0/libvirt': Permission denied [code=3D38 int1=3D13] > > > > Switching the user with 'machinectl shell --uid=3D$user' can solve the = issue. > > > > c) If we run 'make assets' as root, (no matter we just login with > > root, or switch to root via su or machinectl shell), 'make assets' > > always fails with a different error. > > > > libguestfs: error: could not create appliance through libvirt. > > Original error from libvirt: Cannot access storage file > > '/home/pat/tmp/t5-passt/test/prepared-debian-10-nocloud-amd64.qcow2' > > (as uid:107, gid:107): Permission denied [code=3D38 int1=3D13] > > > > The XDG_RUNTIME_DIR is no longer an issue, since root can access every > > directory under /run/user. I guess the problem here is that we just > > can't run 'virsh edit' as root. > > I'm guessing the problem here is that something in the libguestfs -> libv= irt > -> whatever chain is dropping capabilities, so it no longer has > permission to everything. Or if the home directory there is mounted > via NFS or something, there can be root doesn't actually have > permission to everything. Yeah, probably. The workaround proposed is not for root. That's why I couldn't proceed with: * Don't run the tests as root, it's not needed! * If you really need to, note that ... > > > > > > > > Maybe we can just put it like: > > > > > > > > Running the commands as root is just not allowed. If you login > > > > the system with root, don't use su to switch users due to [Bug > > > > 967509](https://bugzilla.redhat.com/show_bug.cgi?id=3D967509). Log = out > > > > and log back in as the intended user, or use 'machinectl shell > > > > --uid=3D$user'. > > > > > > > > What do you think? > > > > > > Well, it's free software, so "not allowed" doesn't really mean much. > > > > > > I would simply warn users that it's a bad idea and it's not needed, > > > something like my previous proposal: > > > > > > * Don't run the tests as root, it's not needed! > > > * If you really need to, note that ... > > > > > > and then just list the workaround that actually works. > > > > > > I think the most typical need for running things as root is that you > > > don't actually have other users (it happens with some VM images or > > > in embedded systems), so 'machinectl shell --uid=3D$user' won't reall= y > > > help there. > > > > Well, I have to admit that I usually do everything with root on my > > test machines. And I don't see a solution/workaround to fix the issue > > when running 'make assets' as root as c). The workaround proposed is > > just for those who login with root and switch to a non-root user to > > run the tests. > > For many sorts of tests on throwaway machines, that's pretty > reasonable. Testing passt we specifically want to test that it > operates as non-root, so I'd suggest you tweak your procedures for > grabbing a test machine so that you routinely create a user. > Thank you for the suggestion. I've created a user for my test machine and login with it every time so I don't hit more permission issues :D > -- > David Gibson (he or they) | I'll have my music baroque, and my code > david AT gibson.dropbear.id.au | minimalist, thank you, not the other wa= y > | around. > http://www.ozlabs.org/~dgibson --=20 Thanks, Yumei Huang