authorMarek Mahut <marek.mahut@gmail.com>2019-08-23 08:00:35 +0200
committerGitHub <noreply@github.com>2019-08-23 08:00:35 +0200
commit27acea73b80d22af43b2d0d64dc84e40c3beb991 (patch)
treee0c3ac19651d08b486d965993fe59cc1d9438460 /nixos/tests
parentdfc6d580bcc76f92a7ef2ab502a18ea4251594c2 (diff)
parent7e7fc6471e86cbc167255d56d84e2cbb8b0365ab (diff)
Merge pull request #67130 from uvNikita/containers/unprivileged
nixos/containers: add unprivileged option
Diffstat (limited to 'nixos/tests')
-rw-r--r--nixos/tests/all-tests.nix1
-rw-r--r--nixos/tests/containers-unprivileged.nix56
2 files changed, 57 insertions, 0 deletions
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index b6930cc3a706..3ac3d683b535 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -48,6 +48,7 @@ in
   colord = handleTest ./colord.nix {};
   containers-bridge = handleTest ./containers-bridge.nix {};
   containers-ephemeral = handleTest ./containers-ephemeral.nix {};
+  containers-unprivileged = handleTest ./containers-unprivileged.nix {};
   containers-extra_veth = handleTest ./containers-extra_veth.nix {};
   containers-hosts = handleTest ./containers-hosts.nix {};
   containers-imperative = handleTest ./containers-imperative.nix {};
diff --git a/nixos/tests/containers-unprivileged.nix b/nixos/tests/containers-unprivileged.nix
new file mode 100644
index 000000000000..2db6b7e4f022
--- /dev/null
+++ b/nixos/tests/containers-unprivileged.nix
@@ -0,0 +1,56 @@
+# Test for NixOS' container support.
+
+import ./make-test.nix ({ pkgs, ...} : {
+  name = "containers-unprivileged";
+
+  machine = { pkgs, ... }: {
+    virtualisation.memorySize = 768;
+    virtualisation.writableStore = true;
+
+    containers.webserver = {
+      unprivileged = true;
+      privateNetwork = true;
+      hostAddress = "10.231.136.1";
+      localAddress = "10.231.136.2";
+      config = {
+        services.nginx = {
+          enable = true;
+          virtualHosts.localhost = {
+            root = (pkgs.runCommand "localhost" {} ''
+              mkdir "$out"
+              echo hello world > "$out/index.html"
+            '');
+          };
+        };
+        networking.firewall.allowedTCPPorts = [ 80 ];
+      };
+    };
+  };
+
+  testScript = ''
+    $machine->succeed("nixos-container list") =~ /webserver/ or die;
+
+    # Start the webserver container.
+    $machine->succeed("nixos-container start webserver");
+
+    my $ip = $machine->succeed("nixos-container show-ip webserver");
+    chomp $ip;
+    $machine->succeed("ping -n -c1 $ip");
+
+    # Check that container root folder is owned by a new private user
+    $machine->succeed('test $(stat -c "%U" /var/lib/containers/webserver) == "vu-webserver-0"');
+
+    # Check that webserver is working before reload
+    $machine->succeed("curl --fail http://$ip/ > /dev/null");
+
+    # Reload container
+    $machine->succeed('systemctl reload container@webserver');
+
+    # Check that webserver is working after reload
+    $machine->succeed("curl --fail http://$ip/ > /dev/null");
+
+    # Stop the container.
+    $machine->succeed("nixos-container stop webserver");
+    $machine->fail("curl --fail --connect-timeout 2 http://$ip/ > /dev/null");
+  '';
+})
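Review bot: The only assertion in testScript that the container is really unprivileged is the `stat -c "%U"` check on /var/lib/containers/webserver, which shows the root directory was chowned to `vu-webserver-0` but not that processes inside the container run under a shifted UID range. A regression that kept the chown but dropped the user-namespace mapping would still pass, so the test should also read the mapping from inside the container after the start step. Assuming `nixos-container run` works for this container, something like `$machine->succeed("nixos-container run webserver -- cat /proc/self/uid_map") !~ /^\s*0\s+0\s/ or die "container root maps to host root";` would cover it. The header comment `# Test for NixOS' container support.` could also name the `unprivileged` option so the file's purpose is clear next to the other container tests.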