tests: Add integration test for unprivileged network

This tests whether we can have a working network without having CAP_NET_ADMIN. Signed-off-by: Rob Bradford <robert.bradford@intel.com>
2025-02-21 19:02:30 +00:00 · 2020-06-05 14:54:37 +01:00 · 2020-06-05 14:54:37 +01:00 · aa79a92c35
commit aa79a92c35
parent 9b71ba20ac
2 changed files with 65 additions and 1 deletions
--- a/scripts/run_integration_tests.sh
+++ b/scripts/run_integration_tests.sh
@ -210,11 +210,15 @@ sudo ip tuntap add name vunet-tap0 mode tap
 # Create tap interface with multipe queues support for vhost_user_net test.
 sudo ip tuntap add name vunet-tap1 mode tap multi_queue

+
 cargo build --release --target $BUILD_TARGET
 strip target/$BUILD_TARGET/release/cloud-hypervisor
 strip target/$BUILD_TARGET/release/vhost_user_net
 strip target/$BUILD_TARGET/release/ch-remote

+# Copy for non-privileged net test
+cp target/$BUILD_TARGET/release/cloud-hypervisor target/$BUILD_TARGET/release/cloud-hypervisor-unprivileged
+
 sudo setcap cap_net_admin+ep target/$BUILD_TARGET/release/cloud-hypervisor
 sudo setcap cap_net_admin+ep target/$BUILD_TARGET/release/vhost_user_net

--- a/tests/integration.rs
+++ b/tests/integration.rs
@ -855,8 +855,12 @@ mod tests {

    impl<'a> GuestCommand<'a> {
        fn new(guest: &'a Guest) -> Self {
+            Self::new_with_binary_name(guest, "cloud-hypervisor")
+        }
+
+        fn new_with_binary_name(guest: &'a Guest, binary_name: &str) -> Self {
            Self {
-                command: Command::new(clh_command("cloud-hypervisor")),
+                command: Command::new(clh_command(binary_name)),
                guest,
                capture_output: false,
            }
@ -2359,6 +2363,62 @@ mod tests {
        });
    }

+    #[cfg_attr(not(feature = "mmio"), test)]
+    fn test_unprivileged_net() {
+        test_block!(tb, "", {
+            let mut clear = ClearDiskConfig::new();
+            let guest = Guest::new(&mut clear);
+
+            let host_ip = &guest.network.host_ip;
+
+            std::process::Command::new("bash")
+                .args(&["-c", "sudo ip tuntap add name chtap0 mode tap"])
+                .status()
+                .expect("Expected creating interface to work");
+
+            std::process::Command::new("bash")
+                .args(&["-c", &format!("sudo ip addr add {}/24 dev chtap0", host_ip)])
+                .status()
+                .expect("Expected programming interface to work");
+
+            std::process::Command::new("bash")
+                .args(&["-c", "sudo ip link set dev chtap0 up"])
+                .status()
+                .expect("Expected upping interface to work");
+
+            let mut child =
+                GuestCommand::new_with_binary_name(&guest, "cloud-hypervisor-unprivileged")
+                    .args(&["--cpus", "boot=1"])
+                    .args(&["--memory", "size=512M"])
+                    .args(&["--kernel", guest.fw_path.as_str()])
+                    .default_disks()
+                    .args(&[
+                        "--net",
+                        format!("tap=chtap0,mac={}", guest.network.guest_mac).as_str(),
+                    ])
+                    .spawn()
+                    .unwrap();
+
+            thread::sleep(std::time::Duration::new(20, 0));
+
+            // 1 network interfaces + default localhost ==> 2 interfaces
+            aver_eq!(
+                tb,
+                guest
+                    .ssh_command("ip -o link | wc -l")
+                    .unwrap_or_default()
+                    .trim()
+                    .parse::<u32>()
+                    .unwrap_or_default(),
+                2
+            );
+
+            let _ = child.kill();
+            let _ = child.wait();
+            Ok(())
+        });
+    }
+
    fn test_serial_off() {
        test_block!(tb, "", {
            let mut clear = ClearDiskConfig::new();