nixos/podman: Add rootless containers to test

author: adisbladis <adisbladis@gmail.com> 2020-04-24 10:49:36 +0100
committer: adisbladis <adisbladis@gmail.com> 2020-04-24 10:50:17 +0100
commit: 67a61fbd34fe2494f22668169e3dc79e8967852a (patch)
tree: 14621f85f17a79788024a1225037a87c80f82a5f /nixos/tests
parent: ea9b5c5faa9cd05a364d9bf1c7844ba03e278cf7 (diff)
download: nixlib-67a61fbd34fe2494f22668169e3dc79e8967852a.tar
nixlib-67a61fbd34fe2494f22668169e3dc79e8967852a.tar.gz
nixlib-67a61fbd34fe2494f22668169e3dc79e8967852a.tar.bz2
nixlib-67a61fbd34fe2494f22668169e3dc79e8967852a.tar.lz
nixlib-67a61fbd34fe2494f22668169e3dc79e8967852a.tar.xz
nixlib-67a61fbd34fe2494f22668169e3dc79e8967852a.tar.zst
nixlib-67a61fbd34fe2494f22668169e3dc79e8967852a.zip
1 files changed, 39 insertions, 9 deletions
diff --git a/nixos/tests/podman.nix b/nixos/tests/podman.nix
index ccfe8334a160..283db71d9a49 100644
--- a/nixos/tests/podman.nix
+++ b/nixos/tests/podman.nix
@@ -10,21 +10,51 @@ import ./make-test-python.nix (
     nodes = {
       podman =
         { pkgs, ... }:
-          {
-            virtualisation.podman.enable = true;
+        {
+          virtualisation.podman.enable = true;
+          virtualisation.containers.users = [
+            "alice"
+          ];
+
+          users.users.alice = {
+            isNormalUser = true;
+            home = "/home/alice";
+            description = "Alice Foobar";
           };
+
+        };
     };
 
     testScript = ''
-      start_all()
+      import shlex
+
+
+      def su_cmd(cmd):
+          cmd = shlex.quote(cmd)
+          return f"su alice -l -c {cmd}"
+
 
       podman.wait_for_unit("sockets.target")
-      podman.succeed("tar cv --files-from /dev/null | podman import - scratchimg")
-      podman.succeed(
-          "podman run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10"
-      )
-      podman.succeed("podman ps | grep sleeping")
-      podman.succeed("podman stop sleeping")
+      start_all()
+
+
+      with subtest("Run container as root"):
+          podman.succeed("tar cv --files-from /dev/null | podman import - scratchimg")
+          podman.succeed(
+              "podman run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10"
+          )
+          podman.succeed("podman ps | grep sleeping")
+          podman.succeed("podman stop sleeping")
+
+      with subtest("Run container rootless"):
+          podman.succeed(su_cmd("tar cv --files-from /dev/null | podman import - scratchimg"))
+          podman.succeed(
+              su_cmd(
+                  "podman run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10"
+              )
+          )
+          podman.succeed(su_cmd("podman ps | grep sleeping"))
+          podman.succeed(su_cmd("podman stop sleeping"))
     '';
   }
 )
author	adisbladis <adisbladis@gmail.com>	2020-04-24 10:49:36 +0100
committer	adisbladis <adisbladis@gmail.com>	2020-04-24 10:50:17 +0100
commit	67a61fbd34fe2494f22668169e3dc79e8967852a (patch)
tree	14621f85f17a79788024a1225037a87c80f82a5f /nixos/tests
parent	ea9b5c5faa9cd05a364d9bf1c7844ba03e278cf7 (diff)
download	nixlib-67a61fbd34fe2494f22668169e3dc79e8967852a.tar nixlib-67a61fbd34fe2494f22668169e3dc79e8967852a.tar.gz nixlib-67a61fbd34fe2494f22668169e3dc79e8967852a.tar.bz2 nixlib-67a61fbd34fe2494f22668169e3dc79e8967852a.tar.lz nixlib-67a61fbd34fe2494f22668169e3dc79e8967852a.tar.xz nixlib-67a61fbd34fe2494f22668169e3dc79e8967852a.tar.zst nixlib-67a61fbd34fe2494f22668169e3dc79e8967852a.zip