author | Alyssa Ross <hi@alyssa.is> | 2024-06-23 00:32:22 +0200 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2024-06-23 00:32:22 +0200 |
commit | 6402b188ddd100b3cd6afe7b8a3e553365203f43 (patch) | |
tree | 676b85e4a6ffee092e413e723f7dce8ba01bb48f /nixpkgs/nixos/tests/systemd-machinectl.nix | |
parent | 5a1826585861b32ce2509c0643e793196d81893e (diff) | |
parent | d603719ec6e294f034936c0d0dc06f689d91b6c3 (diff) | |
Merge remote-tracking branch 'nixpkgs/nixos-unstable'
Diffstat (limited to 'nixpkgs/nixos/tests/systemd-machinectl.nix')
-rw-r--r-- | nixpkgs/nixos/tests/systemd-machinectl.nix | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/nixpkgs/nixos/tests/systemd-machinectl.nix b/nixpkgs/nixos/tests/systemd-machinectl.nix
index 9d761c6d4d8b..555a8bb43b30 100644
--- a/nixpkgs/nixos/tests/systemd-machinectl.nix
+++ b/nixpkgs/nixos/tests/systemd-machinectl.nix
@@ -76,10 +76,23 @@ in
 };
 };
+ systemd.nspawn.${containerName} = {
+ filesConfig = {
+ # workaround to fix kernel namespaces; needed for Nix sandbox
+ # https://github.com/systemd/systemd/issues/27994#issuecomment-1704005670
+ Bind = "/proc:/run/proc";
+ };
+ };
+
 systemd.services."systemd-nspawn@${containerName}" = {
 serviceConfig.Environment = [
 # Disable tmpfs for /tmp
 "SYSTEMD_NSPAWN_TMPFS_TMP=0"
+
+ # force unified cgroup delegation, which would be the default
+ # if systemd could check the capabilities of the installed systemd.
+ # see also: https://github.com/NixOS/nixpkgs/pull/198526
+ "SYSTEMD_NSPAWN_UNIFIED_HIERARCHY=1"
 ];
 overrideStrategy = "asDropin";
 };
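Review bot: The `Bind = "/proc:/run/proc";` entry makes the host's procfs reachable from inside the container, and the comment above it records why the workaround is needed but not what it costs in isolation. Through `/run/proc` a process in the container can read host process information, and the bind is not marked read-only. That is acceptable on a throwaway test VM, but NixOS tests are often copied into real configurations, so I would extend the comment with something like `# NOTE: exposes the host's /proc inside the container; test-only workaround, do not reuse for containers that run untrusted workloads`. Whether a `BindReadOnly` entry would still let the Nix sandbox mount its own procfs cannot be told from this hunk and would need to be tried before recommending it.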
@@ -121,6 +134,17 @@ in
 machine.succeed("machinectl start ${containerName}");
 machine.wait_until_succeeds("systemctl -M ${containerName} is-active default.target");
+ # Test systemd-nspawn configured unified cgroup delegation
+ # see also:
+ # https://github.com/systemd/systemd/blob/main/docs/CGROUP_DELEGATION.md#three-different-tree-setups-
+ machine.succeed('systemd-run --pty --wait -M ${containerName} /run/current-system/sw/bin/stat --format="%T" --file-system /sys/fs/cgroup > fstype')
+ machine.succeed('test $(tr -d "\\r" < fstype) = cgroup2fs')
+
+ # Test if systemd-nspawn provides a working environment for nix to build derivations
+ # https://nixos.org/guides/nix-pills/07-working-derivation
+ machine.succeed('systemd-run --pty --wait -M ${containerName} /run/current-system/sw/bin/nix-instantiate --expr \'derivation { name = "myname"; builder = "/bin/sh"; args = [ "-c" "echo foo > $out" ]; system = "${pkgs.system}"; }\' --add-root /tmp/drv')
+ machine.succeed('systemd-run --pty --wait -M ${containerName} /run/current-system/sw/bin/nix-store --option substitute false --realize /tmp/drv')
+
 # Test nss_mymachines without nscd
 machine.succeed('LD_LIBRARY_PATH="/run/current-system/sw/lib" getent -s hosts:mymachines hosts ${containerName}'); |
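Review bot: The `nix-store --realize` check passes whenever the build succeeds, so it does not show that the derivation was actually built inside the Nix sandbox that the `/proc` bind workaround exists to support. Nix has a `sandbox-fallback` setting that lets a build continue unsandboxed when the sandbox cannot be set up, and if that applies here the test would stay green after the workaround stops working. I would pin the behaviour in the command itself, e.g. `nix-store --option substitute false --option sandbox true --option sandbox-fallback false --realize /tmp/drv`. Separately, the unquoted `$(tr -d "\\r" < fstype)` in the cgroup check turns an empty result into a malformed `test` expression; `test "$(tr -d "\\r" < fstype)" = cgroup2fs` fails more clearly. The enclosing test script starts and ends outside this hunk.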