1
=== modified file 'debian/changelog'
2
--- debian/changelog	2017-09-01 12:52:20 +0000
3
+++ debian/changelog	2017-09-06 09:37:21 +0000
4
@@ -1,3 +1,10 @@
5
1
launchpad-buildd (150) UNRELEASED; urgency=medium
6
2
7
3
  * Tell LXD to disable seccomp on powerpc, since it doesn't work there on
8
4
    Linux 4.4.
9
5
10
6
 -- Colin Watson <cjwatson@ubuntu.com>  Tue, 05 Sep 2017 10:41:55 +0100
11
7
12
1
launchpad-buildd (149) xenial; urgency=medium
8
launchpad-buildd (149) xenial; urgency=medium
13
2
9
14
3
  * Clamp the TCP MSS on the LXD bridge interface to the path MTU, to avoid
10
  * Clamp the TCP MSS on the LXD bridge interface to the path MTU, to avoid
15
4
11
16
=== modified file 'lpbuildd/target/lxd.py'
17
--- lpbuildd/target/lxd.py	2017-09-01 12:47:09 +0000
18
+++ lpbuildd/target/lxd.py	2017-09-06 09:37:21 +0000
19
@@ -245,10 +245,7 @@
20
245
            os.unlink(self.dnsmasq_pid_file)
245
            os.unlink(self.dnsmasq_pid_file)
21
246
        subprocess.call(["sudo", "ip", "link", "delete", self.bridge_name])
246
        subprocess.call(["sudo", "ip", "link", "delete", self.bridge_name])
22
247
247
27
248
    def start(self):
248
    def create_profile(self):
24
249
        """See `Backend`."""
25
250
        self.stop()
26
251
28
252
        for addr in self.ipv4_network:
249
        for addr in self.ipv4_network:
29
253
            if addr not in (
250
            if addr not in (
30
254
                    self.ipv4_network.network, self.ipv4_network.ip,
251
                    self.ipv4_network.network, self.ipv4_network.ip,
31
@@ -267,20 +264,25 @@
32
267
        else:
264
        else:
33
268
            old_profile.delete()
265
            old_profile.delete()
34
269
266
35
267
        raw_lxc_config = [
36
268
            ("lxc.aa_profile", "unconfined"),
37
269
            ("lxc.cgroup.devices.deny", ""),
38
270
            ("lxc.cgroup.devices.allow", ""),
39
271
            ("lxc.mount.auto", ""),
40
272
            ("lxc.mount.auto", "proc:rw sys:rw"),
41
273
            ("lxc.network.0.ipv4", ipv4_address),
42
274
            ("lxc.network.0.ipv4.gateway", self.ipv4_network.ip),
43
275
            ]
44
276
        # Linux 4.4 on powerpc doesn't support all the seccomp bits that LXD
45
277
        # needs.
46
278
        if self.arch == "powerpc":
47
279
            raw_lxc_config.append(("lxc.seccomp", ""))
48
270
        config = {
280
        config = {
49
271
            "security.privileged": "true",
281
            "security.privileged": "true",
50
272
            "security.nesting": "true",
282
            "security.nesting": "true",
62
273
            "raw.lxc": dedent("""\
283
            "raw.lxc": "".join(
63
274
                lxc.aa_profile=unconfined
284
                "{key}={value}\n".format(key=key, value=value)
64
275
                lxc.cgroup.devices.deny=
285
                for key, value in raw_lxc_config),
54
276
                lxc.cgroup.devices.allow=
55
277
                lxc.mount.auto=
56
278
                lxc.mount.auto=proc:rw sys:rw
57
279
                lxc.network.0.ipv4={ipv4_address}
58
280
                lxc.network.0.ipv4.gateway={ipv4_gateway}
59
281
                """.format(
60
282
                    ipv4_address=ipv4_address,
61
283
                    ipv4_gateway=self.ipv4_network.ip)),
65
284
            }
286
            }
66
285
        devices = {
287
        devices = {
67
286
            "eth0": {
288
            "eth0": {
68
@@ -292,6 +294,11 @@
69
292
            }
294
            }
70
293
        self.client.profiles.create(self.profile_name, config, devices)
295
        self.client.profiles.create(self.profile_name, config, devices)
71
294
296
72
297
    def start(self):
73
298
        """See `Backend`."""
74
299
        self.stop()
75
300
76
301
        self.create_profile()
77
295
        self.start_bridge()
302
        self.start_bridge()
78
296
303
79
297
        container = self.client.containers.create({
304
        container = self.client.containers.create({
80
298
305
81
=== modified file 'lpbuildd/target/tests/test_lxd.py'
82
--- lpbuildd/target/tests/test_lxd.py	2017-09-01 12:47:09 +0000
83
+++ lpbuildd/target/tests/test_lxd.py	2017-09-06 09:37:21 +0000
84
@@ -122,32 +122,8 @@
85
122
        image.add_alias.assert_called_once_with(
122
        image.add_alias.assert_called_once_with(
86
123
            "lp-xenial-amd64", "lp-xenial-amd64")
123
            "lp-xenial-amd64", "lp-xenial-amd64")
87
124
124
99
125
    def test_start(self):
125
    def assert_correct_profile(self, extra_raw_lxc_config=""):
89
126
        fs_fixture = self.useFixture(FakeFilesystem())
90
127
        fs_fixture.add("/sys")
91
128
        fs_fixture.add("/run")
92
129
        os.makedirs("/run/launchpad-buildd")
93
130
        fs_fixture.add("/etc")
94
131
        os.mkdir("/etc")
95
132
        with open("/etc/resolv.conf", "w") as f:
96
133
            print("host resolv.conf", file=f)
97
134
        os.chmod("/etc/resolv.conf", 0o644)
98
135
        self.useFixture(MockPatch("pylxd.Client"))
100
136
        client = pylxd.Client()
126
        client = pylxd.Client()
101
137
        client.profiles.get.side_effect = FakeLXDAPIException
102
138
        container = client.containers.create.return_value
103
139
        client.containers.get.return_value = container
104
140
        container.start.side_effect = (
105
141
            lambda wait=False: setattr(container, "status_code", LXD_RUNNING))
106
142
        files_api = container.api.files
107
143
        files_api._api_endpoint = "/1.0/containers/lp-xenial-amd64/files"
108
144
        files_api.session.get.return_value.status_code = 200
109
145
        files_api.session.get.return_value.iter_content.return_value = (
110
146
            iter([b"127.0.0.1\tlocalhost\n"]))
111
147
        processes_fixture = self.useFixture(FakeProcesses())
112
148
        processes_fixture.add(lambda _: {}, name="sudo")
113
149
        LXD("1", "xenial", "amd64").start()
114
150
115
151
        client.profiles.get.assert_called_once_with("lpbuildd")
127
        client.profiles.get.assert_called_once_with("lpbuildd")
116
152
        expected_config = {
128
        expected_config = {
117
153
            "security.privileged": "true",
129
            "security.privileged": "true",
118
@@ -160,7 +136,7 @@
119
160
                lxc.mount.auto=proc:rw sys:rw
136
                lxc.mount.auto=proc:rw sys:rw
120
161
                lxc.network.0.ipv4=10.10.10.2/24
137
                lxc.network.0.ipv4=10.10.10.2/24
121
162
                lxc.network.0.ipv4.gateway=10.10.10.1
138
                lxc.network.0.ipv4.gateway=10.10.10.1
123
163
                """),
139
                """) + extra_raw_lxc_config,
124
164
            }
140
            }
125
165
        expected_devices = {
141
        expected_devices = {
126
166
            "eth0": {
142
            "eth0": {
127
@@ -173,6 +149,48 @@
128
173
        client.profiles.create.assert_called_once_with(
149
        client.profiles.create.assert_called_once_with(
129
174
            "lpbuildd", expected_config, expected_devices)
150
            "lpbuildd", expected_config, expected_devices)
130
175
151
131
152
    def test_create_profile_amd64(self):
132
153
        self.useFixture(MockPatch("pylxd.Client"))
133
154
        client = pylxd.Client()
134
155
        client.profiles.get.side_effect = FakeLXDAPIException
135
156
        LXD("1", "xenial", "amd64").create_profile()
136
157
        self.assert_correct_profile()
137
158
138
159
    def test_create_profile_powerpc(self):
139
160
        self.useFixture(MockPatch("pylxd.Client"))
140
161
        client = pylxd.Client()
141
162
        client.profiles.get.side_effect = FakeLXDAPIException
142
163
        LXD("1", "xenial", "powerpc").create_profile()
143
164
        self.assert_correct_profile("lxc.seccomp=\n")
144
165
145
166
    def test_start(self):
146
167
        fs_fixture = self.useFixture(FakeFilesystem())
147
168
        fs_fixture.add("/sys")
148
169
        fs_fixture.add("/run")
149
170
        os.makedirs("/run/launchpad-buildd")
150
171
        fs_fixture.add("/etc")
151
172
        os.mkdir("/etc")
152
173
        with open("/etc/resolv.conf", "w") as f:
153
174
            print("host resolv.conf", file=f)
154
175
        os.chmod("/etc/resolv.conf", 0o644)
155
176
        self.useFixture(MockPatch("pylxd.Client"))
156
177
        client = pylxd.Client()
157
178
        client.profiles.get.side_effect = FakeLXDAPIException
158
179
        container = client.containers.create.return_value
159
180
        client.containers.get.return_value = container
160
181
        container.start.side_effect = (
161
182
            lambda wait=False: setattr(container, "status_code", LXD_RUNNING))
162
183
        files_api = container.api.files
163
184
        files_api._api_endpoint = "/1.0/containers/lp-xenial-amd64/files"
164
185
        files_api.session.get.return_value.status_code = 200
165
186
        files_api.session.get.return_value.iter_content.return_value = (
166
187
            iter([b"127.0.0.1\tlocalhost\n"]))
167
188
        processes_fixture = self.useFixture(FakeProcesses())
168
189
        processes_fixture.add(lambda _: {}, name="sudo")
169
190
        LXD("1", "xenial", "amd64").start()
170
191
171
192
        self.assert_correct_profile()
172
193
173
176
        ip = ["sudo", "ip"]
194
        ip = ["sudo", "ip"]
174
177
        iptables = ["sudo", "iptables", "-w"]
195
        iptables = ["sudo", "iptables", "-w"]
175
178
        iptables_comment = [
196
        iptables_comment = [
Status:	Merged
Merged at revision:	277
Proposed branch:	lp:~cjwatson/launchpad-buildd/lxd-powerpc
Merge into:	lp:launchpad-buildd
Diff against target:	175 lines (+73/-41) 3 files modified debian/changelog (+7/-0) lpbuildd/target/lxd.py (+22/-15) lpbuildd/target/tests/test_lxd.py (+44/-26)
To merge this branch:	bzr merge lp:~cjwatson/launchpad-buildd/lxd-powerpc
Related bugs:	Link a bug report
Reviewer	Review Type	Date Requested	Status
William Grant	code	2017-09-05	Approve on 2017-09-06
Review via email: mp+330208@code.launchpad.net