Merge lp:~cjwatson/launchpad-buildd/lxd-powerpc into lp:launchpad-buildd

Proposed by Colin Watson
Status: Merged
Merged at revision: 277
Proposed branch: lp:~cjwatson/launchpad-buildd/lxd-powerpc
Merge into: lp:launchpad-buildd
Diff against target: 175 lines (+73/-41)
3 files modified
debian/changelog (+7/-0)
lpbuildd/target/lxd.py (+22/-15)
lpbuildd/target/tests/test_lxd.py (+44/-26)
To merge this branch: bzr merge lp:~cjwatson/launchpad-buildd/lxd-powerpc
Reviewer Review Type Date Requested Status
William Grant code Approve
Review via email: mp+330208@code.launchpad.net

Commit message

Tell LXD to disable seccomp on powerpc, since it doesn't work there on Linux 4.4.

William Grant (wgrant) :
review: Approve (code)
280. By Colin Watson

Add comment for powerpc seccomp issues.

Preview Diff

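--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+launchpad-buildd (150) UNRELEASED; urgency=medium
+
+ * Tell LXD to disable seccomp on powerpc, since it doesn't work there on
+ Linux 4.4.
+
+ -- Colin Watson <cjwatson@ubuntu.com> Tue, 05 Sep 2017 10:41:55 +0100
+
 launchpad-buildd (149) xenial; urgency=medium
 
 * Clamp the TCP MSS on the LXD bridge interface to the path MTU, to avoid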
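--- a/lpbuildd/target/lxd.py
+++ b/lpbuildd/target/lxd.py
@@ -245,10 +245,7 @@
 os.unlink(self.dnsmasq_pid_file)
 subprocess.call(["sudo", "ip", "link", "delete", self.bridge_name])
 
- def start(self):
- """See `Backend`."""
- self.stop()
-
+ def create_profile(self):
 for addr in self.ipv4_network:
 if addr not in (
 self.ipv4_network.network, self.ipv4_network.ip,
@@ -267,20 +264,25 @@
 else:
 old_profile.delete()
 
+ raw_lxc_config = [
+ ("lxc.aa_profile", "unconfined"),
+ ("lxc.cgroup.devices.deny", ""),
+ ("lxc.cgroup.devices.allow", ""),
+ ("lxc.mount.auto", ""),
+ ("lxc.mount.auto", "proc:rw sys:rw"),
+ ("lxc.network.0.ipv4", ipv4_address),
+ ("lxc.network.0.ipv4.gateway", self.ipv4_network.ip),
+ ]
+ # Linux 4.4 on powerpc doesn't support all the seccomp bits that LXD
+ # needs.
+ if self.arch == "powerpc":
+ raw_lxc_config.append(("lxc.seccomp", ""))
 config = {
 "security.privileged": "true",
 "security.nesting": "true",
- "raw.lxc": dedent("""\
- lxc.aa_profile=unconfined
- lxc.cgroup.devices.deny=
- lxc.cgroup.devices.allow=
- lxc.mount.auto=
- lxc.mount.auto=proc:rw sys:rw
- lxc.network.0.ipv4={ipv4_address}
- lxc.network.0.ipv4.gateway={ipv4_gateway}
- """.format(
- ipv4_address=ipv4_address,
- ipv4_gateway=self.ipv4_network.ip)),
+ "raw.lxc": "".join(
+ "{key}={value}\n".format(key=key, value=value)
+ for key, value in raw_lxc_config),
 }
 devices = {
 "eth0": {
@@ -292,6 +294,11 @@
 }
 self.client.profiles.create(self.profile_name, config, devices)
 
+ def start(self):
+ """See `Backend`."""
+ self.stop()
+
+ self.create_profile()
 self.start_bridge()
 
 container = self.client.containers.create({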
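Review bot: The `lxc.seccomp` override in the second hunk is keyed on `self.arch == "powerpc"` alone, so the setting stays in place on that architecture even after the builders move to a kernel newer than Linux 4.4. The same profile already sets `security.privileged` to true and `lxc.aa_profile=unconfined`, so on powerpc the build container appears to end up with neither AppArmor confinement nor a syscall filter. The comment should record that trade-off and when the override can go, for example `# Leaves powerpc build containers without a syscall filter; drop this once the builders' kernel supports what LXD needs.` `create_profile` begins in the previous hunk and part of its body lies outside the visible lines.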
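--- a/lpbuildd/target/tests/test_lxd.py
+++ b/lpbuildd/target/tests/test_lxd.py
@@ -122,32 +122,8 @@
 image.add_alias.assert_called_once_with(
 "lp-xenial-amd64", "lp-xenial-amd64")
 
- def test_start(self):
- fs_fixture = self.useFixture(FakeFilesystem())
- fs_fixture.add("/sys")
- fs_fixture.add("/run")
- os.makedirs("/run/launchpad-buildd")
- fs_fixture.add("/etc")
- os.mkdir("/etc")
- with open("/etc/resolv.conf", "w") as f:
- print("host resolv.conf", file=f)
- os.chmod("/etc/resolv.conf", 0o644)
- self.useFixture(MockPatch("pylxd.Client"))
+ def assert_correct_profile(self, extra_raw_lxc_config=""):
 client = pylxd.Client()
- client.profiles.get.side_effect = FakeLXDAPIException
- container = client.containers.create.return_value
- client.containers.get.return_value = container
- container.start.side_effect = (
- lambda wait=False: setattr(container, "status_code", LXD_RUNNING))
- files_api = container.api.files
- files_api._api_endpoint = "/1.0/containers/lp-xenial-amd64/files"
- files_api.session.get.return_value.status_code = 200
- files_api.session.get.return_value.iter_content.return_value = (
- iter([b"127.0.0.1\tlocalhost\n"]))
- processes_fixture = self.useFixture(FakeProcesses())
- processes_fixture.add(lambda _: {}, name="sudo")
- LXD("1", "xenial", "amd64").start()
-
 client.profiles.get.assert_called_once_with("lpbuildd")
 expected_config = {
 "security.privileged": "true",
@@ -160,7 +136,7 @@
 lxc.mount.auto=proc:rw sys:rw
 lxc.network.0.ipv4=10.10.10.2/24
 lxc.network.0.ipv4.gateway=10.10.10.1
- """),
+ """) + extra_raw_lxc_config,
 }
 expected_devices = {
 "eth0": {
@@ -173,6 +149,48 @@
 client.profiles.create.assert_called_once_with(
 "lpbuildd", expected_config, expected_devices)
 
+ def test_create_profile_amd64(self):
+ self.useFixture(MockPatch("pylxd.Client"))
+ client = pylxd.Client()
+ client.profiles.get.side_effect = FakeLXDAPIException
+ LXD("1", "xenial", "amd64").create_profile()
+ self.assert_correct_profile()
+
+ def test_create_profile_powerpc(self):
+ self.useFixture(MockPatch("pylxd.Client"))
+ client = pylxd.Client()
+ client.profiles.get.side_effect = FakeLXDAPIException
+ LXD("1", "xenial", "powerpc").create_profile()
+ self.assert_correct_profile("lxc.seccomp=\n")
+
+ def test_start(self):
+ fs_fixture = self.useFixture(FakeFilesystem())
+ fs_fixture.add("/sys")
+ fs_fixture.add("/run")
+ os.makedirs("/run/launchpad-buildd")
+ fs_fixture.add("/etc")
+ os.mkdir("/etc")
+ with open("/etc/resolv.conf", "w") as f:
+ print("host resolv.conf", file=f)
+ os.chmod("/etc/resolv.conf", 0o644)
+ self.useFixture(MockPatch("pylxd.Client"))
+ client = pylxd.Client()
+ client.profiles.get.side_effect = FakeLXDAPIException
+ container = client.containers.create.return_value
+ client.containers.get.return_value = container
+ container.start.side_effect = (
+ lambda wait=False: setattr(container, "status_code", LXD_RUNNING))
+ files_api = container.api.files
+ files_api._api_endpoint = "/1.0/containers/lp-xenial-amd64/files"
+ files_api.session.get.return_value.status_code = 200
+ files_api.session.get.return_value.iter_content.return_value = (
+ iter([b"127.0.0.1\tlocalhost\n"]))
+ processes_fixture = self.useFixture(FakeProcesses())
+ processes_fixture.add(lambda _: {}, name="sudo")
+ LXD("1", "xenial", "amd64").start()
+
+ self.assert_correct_profile()
+
 ip = ["sudo", "ip"]
 iptables = ["sudo", "iptables", "-w"]
 iptables_comment = [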
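Review bot: `assert_correct_profile` has no docstring, and its `extra_raw_lxc_config` argument is concatenated onto the expected `raw.lxc` text as-is, so callers must pass complete newline-terminated `key=value` lines. A docstring such as `"""Assert the lpbuildd profile was created with the expected config, plus any extra raw.lxc lines (each newline-terminated)."""` would make that contract visible. The two `test_create_profile_*` cases pin that the seccomp override is emitted for powerpc and absent for amd64. Since the override weakens container confinement, a case for one more non-powerpc architecture would help guard against the condition being widened later.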
