Bug#911806: Please provide a way to opt out of AppArmor confinement when running tests

Michael Biebl biebl at debian.org
Sat Oct 27 12:18:13 BST 2018


Hi!

On 27.10.18 at 10:20, intrigeri wrote:
> So on the LXC + AppArmor vs. systemd v240+ front, I think the next
> steps are:
> 
> 1. Try running current systemd master branch and its autopkgtests
>    inside a container managed by LXC 2.x on current testing/sid.
>    Goal: confirm the issues Michael discovered and have a baseline
>    to evaluate LXC 3.x against.
> 
> 2. Try running current systemd master branch and its autopkgtests
>    inside a container managed by LXC 3.x on current testing/sid.
>    Report any issue so they're fixed before 3.x becomes stable
>    and is hopefully included in Buster.

In case you want to reproduce the failures, these are the rough steps I
used on Debian sid:

1/ Install lxc

# apt install lxc

2/ Set up /etc/default/lxc-net:

# cat /etc/default/lxc-net
USE_LXC_BRIDGE="true"
LXC_BRIDGE="lxcbr0"
LXC_ADDR="10.0.3.1"
LXC_NETMASK="255.255.255.0"
LXC_NETWORK="10.0.3.0/24"
LXC_DHCP_RANGE="10.0.3.2,10.0.3.254"
LXC_DHCP_MAX="253"

# cat /etc/lxc/default.conf
lxc.network.type = veth
lxc.network.link = lxcbr0
lxc.network.flags = up

# systemctl restart lxc-net

3/ Install autopkgtest and create an LXC container for autopkgtest:

# apt install autopkgtest
# autopkgtest-build-lxc debian sid

4/ Clone the systemd trunk-ci scripts:

$ git clone https://salsa.debian.org/systemd-team/trunk-ci.git

5/ Create a dsc

$ ./make-dsc
<this will create a systemd_$version+upstream$date-0.master.dsc>

6/ Build the package using dpkg-buildpackage, pbuilder, sbuild, your
favourite tool.
You want to specify the "noudeb" profile, to speed up the build and
avoid building udebs.

7/ Run autopkgtest via LXC

# autopkgtest -o logs *.dsc *.deb -- lxc -s autopkgtest-sid


In case you want to run the LXC container with AA turned off, add the
following to /var/lib/lxc/autopkgtest-sid/config

lxc.aa_profile = unconfined

There are currently two known failures with AA turned off:
- dnsmasq 2.80 introduced a regression in networkd-test.py
- test-bpf failing

With AA turned on, the list of failing tests is too long to list here.

I've made two runs of current systemd git master with AA turned on and
off. See
https://people.debian.org/~biebl/lxc/log-confined.txt
https://people.debian.org/~biebl/lxc/log-unconfined.txt

Hope this is helpful.

Regards,
Michael


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
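
An added example, not part of the original mail: a check that lists which containers under an LXC path currently have AppArmor confinement switched off, so a test container set to `lxc.aa_profile = unconfined` is not forgotten. The function names and sample tree are constructed for illustration; it also accepts `lxc.apparmor.profile`, the name newer LXC releases use for the same key, and assumes the last assignment in a file wins and that `lxc.include` files are not followed.

```shell
#!/bin/sh
# Added example (hypothetical helper names): report LXC containers whose
# config disables AppArmor confinement.

# aa_profile_of CONFIG: print the AppArmor profile set in CONFIG, or "(unset)".
# Assumption: when the key appears more than once, the last assignment wins.
aa_profile_of() {
    awk -F= '
        /^[ \t]*#/ { next }                      # skip commented-out lines
        {
            key = $1; gsub(/[ \t]/, "", key)
            if (key == "lxc.aa_profile" || key == "lxc.apparmor.profile") {
                val = $0
                sub(/^[^=]*=/, "", val)          # drop "key ="
                gsub(/^[ \t]+|[ \t]+$/, "", val) # trim surrounding blanks
                profile = val
            }
        }
        END { print (profile == "" ? "(unset)" : profile) }
    ' "$1"
}

# list_unconfined LXCPATH: print the name of every container directory under
# LXCPATH (e.g. /var/lib/lxc) whose config sets the profile to "unconfined".
list_unconfined() {
    for cfg in "$1"/*/config; do
        [ -f "$cfg" ] || continue
        if [ "$(aa_profile_of "$cfg")" = "unconfined" ]; then
            basename "$(dirname "$cfg")"
        fi
    done
}

# make_sample: build a constructed config tree (not real containers) for
# trying the functions offline; prints the directory it created.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/autopkgtest-sid" "$d/builder" "$d/web"
    printf '%s\n' 'lxc.network.type = veth' 'lxc.aa_profile = unconfined' \
        > "$d/autopkgtest-sid/config"
    printf '%s\n' 'lxc.apparmor.profile=unconfined' > "$d/builder/config"
    printf '%s\n' 'lxc.network.type = veth' '# lxc.aa_profile = unconfined' \
        > "$d/web/config"
    echo "$d"
}

# Run against a real path when one is given, e.g.: sh script.sh /var/lib/lxc
[ $# -eq 0 ] || list_unconfined "$1"
```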
