From f77edd59d2a322c44c6167593d4458cf36de0a27 Mon Sep 17 00:00:00 2001 From: "Adam C. Stephens" Date: Sun, 9 Nov 2025 20:35:15 -0500 Subject: [PATCH] nixosTests.lxc: move to runTestOn --- nixos/tests/all-tests.nix | 2 +- nixos/tests/lxc/default.nix | 235 ++++++++++++++++++------------------ 2 files changed, 117 insertions(+), 120 deletions(-) diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 15f15e2fc212..dd9bd3d0e350 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -889,7 +889,7 @@ in lorri = handleTest ./lorri/default.nix { }; luks = runTest ./luks.nix; lvm2 = handleTest ./lvm2 { }; - lxc = handleTest ./lxc { }; + lxc = runTestOn [ "x86_64-linux" "aarch64-linux" ] ./lxc; lxd-image-server = runTest ./lxd-image-server.nix; lxqt = runTest ./lxqt.nix; ly = runTest ./ly.nix; diff --git a/nixos/tests/lxc/default.nix b/nixos/tests/lxc/default.nix index 693f872ad093..25c0dd844d2c 100644 --- a/nixos/tests/lxc/default.nix +++ b/nixos/tests/lxc/default.nix @@ -1,131 +1,128 @@ -import ../make-test-python.nix ( - { pkgs, lib, ... }: +{ pkgs, lib, ... }: - let - releases = import ../../release.nix { - configuration = { - # Building documentation makes the test unnecessarily take a longer time: - documentation.enable = lib.mkForce false; - documentation.nixos.enable = lib.mkForce false; - # including a channel forces images to be rebuilt on any changes - system.installer.channel.enable = lib.mkForce false; +let + releases = import ../../release.nix { + configuration = { + # Building documentation makes the test unnecessarily take a longer time: + documentation.enable = lib.mkForce false; + documentation.nixos.enable = lib.mkForce false; + # including a channel forces images to be rebuilt on any changes + system.installer.channel.enable = lib.mkForce false; + }; + }; + + lxc-image-metadata = + releases.incusContainerMeta.${pkgs.stdenv.hostPlatform.system} + + "/tarball/nixos-image-lxc-*-${pkgs.stdenv.hostPlatform.system}.tar.xz"; + # the incus container rootfs is in squashfs, but lxc requires tar.xz so use containerTarball + lxc-image-rootfs = + releases.containerTarball.${pkgs.stdenv.hostPlatform.system} + + "/tarball/nixos-image-lxc-*-${pkgs.stdenv.hostPlatform.system}.tar.xz"; + +in +{ + name = "lxc-container-unprivileged"; + + meta = { + maintainers = lib.teams.lxc.members; + }; + + nodes.machine = { + virtualisation = { + diskSize = 6144; + cores = 2; + memorySize = 512; + writableStore = true; + + lxc = { + enable = true; + unprivilegedContainers = true; + systemConfig = '' + lxc.lxcpath = /tmp/lxc + ''; + defaultConfig = '' + lxc.net.0.type = veth + lxc.net.0.link = lxcbr0 + lxc.net.0.flags = up + lxc.net.0.hwaddr = 00:16:3e:xx:xx:xx + lxc.idmap = u 0 100000 65536 + lxc.idmap = g 0 100000 65536 + ''; + # Permit user alice to connect to bridge + usernetConfig = '' + @lxc-user veth lxcbr0 10 + ''; + bridgeConfig = '' + LXC_IPV6_ADDR="" + LXC_IPV6_MASK="" + LXC_IPV6_NETWORK="" + LXC_IPV6_NAT="false" + ''; }; }; - lxc-image-metadata = - releases.incusContainerMeta.${pkgs.stdenv.hostPlatform.system} - + "/tarball/nixos-image-lxc-*-${pkgs.stdenv.hostPlatform.system}.tar.xz"; - lxc-image-rootfs = - releases.containerTarball.${pkgs.stdenv.hostPlatform.system} - + "/tarball/nixos-image-lxc-*-${pkgs.stdenv.hostPlatform.system}.tar.xz"; + # Needed for lxc + environment.systemPackages = [ + pkgs.wget + pkgs.dnsmasq + ]; - in - { - name = "lxc-container-unprivileged"; - - meta = { - maintainers = lib.teams.lxc.members; + # Create user for test + users.users.alice = { + isNormalUser = true; + password = "test"; + description = "Lxc unprivileged user with access to lxcbr0"; + extraGroups = [ "lxc-user" ]; + subGidRanges = [ + { + startGid = 100000; + count = 65536; + } + ]; + subUidRanges = [ + { + startUid = 100000; + count = 65536; + } + ]; }; - nodes.machine = - { lib, pkgs, ... }: - { - virtualisation = { - diskSize = 6144; - cores = 2; - memorySize = 512; - writableStore = true; + users.users.bob = { + isNormalUser = true; + password = "test"; + description = "Lxc unprivileged user without access to lxcbr0"; + subGidRanges = [ + { + startGid = 100000; + count = 65536; + } + ]; + subUidRanges = [ + { + startUid = 100000; + count = 65536; + } + ]; + }; + }; - lxc = { - enable = true; - unprivilegedContainers = true; - systemConfig = '' - lxc.lxcpath = /tmp/lxc - ''; - defaultConfig = '' - lxc.net.0.type = veth - lxc.net.0.link = lxcbr0 - lxc.net.0.flags = up - lxc.net.0.hwaddr = 00:16:3e:xx:xx:xx - lxc.idmap = u 0 100000 65536 - lxc.idmap = g 0 100000 65536 - ''; - # Permit user alice to connect to bridge - usernetConfig = '' - @lxc-user veth lxcbr0 10 - ''; - bridgeConfig = '' - LXC_IPV6_ADDR="" - LXC_IPV6_MASK="" - LXC_IPV6_NETWORK="" - LXC_IPV6_NAT="false" - ''; - }; - }; + testScript = '' + machine.wait_for_unit("lxc-net.service") - # Needed for lxc - environment.systemPackages = [ - pkgs.wget - pkgs.dnsmasq - ]; + # Copy config files for alice + machine.execute("su -- alice -c 'mkdir -p ~/.config/lxc'") + machine.execute("su -- alice -c 'cp /etc/lxc/default.conf ~/.config/lxc/'") + machine.execute("su -- alice -c 'cp /etc/lxc/lxc.conf ~/.config/lxc/'") - # Create user for test - users.users.alice = { - isNormalUser = true; - password = "test"; - description = "Lxc unprivileged user with access to lxcbr0"; - extraGroups = [ "lxc-user" ]; - subGidRanges = [ - { - startGid = 100000; - count = 65536; - } - ]; - subUidRanges = [ - { - startUid = 100000; - count = 65536; - } - ]; - }; + machine.succeed("su -- alice -c 'lxc-create -t local -n test -- --metadata ${lxc-image-metadata} --fstree ${lxc-image-rootfs}'") + machine.succeed("su -- alice -c 'lxc-start test'") + machine.succeed("su -- alice -c 'lxc-stop test'") - users.users.bob = { - isNormalUser = true; - password = "test"; - description = "Lxc unprivileged user without access to lxcbr0"; - subGidRanges = [ - { - startGid = 100000; - count = 65536; - } - ]; - subUidRanges = [ - { - startUid = 100000; - count = 65536; - } - ]; - }; - }; + # Copy config files for bob + machine.execute("su -- bob -c 'mkdir -p ~/.config/lxc'") + machine.execute("su -- bob -c 'cp /etc/lxc/default.conf ~/.config/lxc/'") + machine.execute("su -- bob -c 'cp /etc/lxc/lxc.conf ~/.config/lxc/'") - testScript = '' - machine.wait_for_unit("lxc-net.service") - - # Copy config files for alice - machine.execute("su -- alice -c 'mkdir -p ~/.config/lxc'") - machine.execute("su -- alice -c 'cp /etc/lxc/default.conf ~/.config/lxc/'") - machine.execute("su -- alice -c 'cp /etc/lxc/lxc.conf ~/.config/lxc/'") - - machine.succeed("su -- alice -c 'lxc-create -t local -n test -- --metadata ${lxc-image-metadata} --fstree ${lxc-image-rootfs}'") - machine.succeed("su -- alice -c 'lxc-start test'") - machine.succeed("su -- alice -c 'lxc-stop test'") - - # Copy config files for bob - machine.execute("su -- bob -c 'mkdir -p ~/.config/lxc'") - machine.execute("su -- bob -c 'cp /etc/lxc/default.conf ~/.config/lxc/'") - machine.execute("su -- bob -c 'cp /etc/lxc/lxc.conf ~/.config/lxc/'") - - machine.fail("su -- bob -c 'lxc-start test'") - ''; - } -) + machine.fail("su -- bob -c 'lxc-start test'") + ''; +}