From aa79a92c356663fd9d24dea57319edb3c4117ec8 Mon Sep 17 00:00:00 2001
From: Rob Bradford
Date: Fri, 5 Jun 2020 14:54:37 +0100
Subject: [PATCH] tests: Add integration test for unprivileged network
This tests whether we can have a working network without having CAP_NET_ADMIN.
Signed-off-by: Rob Bradford
---
 scripts/run_integration_tests.sh | 4 +++
 tests/integration.rs | 62 +++++++++++++++++++++++++++++++-
 2 files changed, 65 insertions(+), 1 deletion(-)
diff --git a/scripts/run_integration_tests.sh b/scripts/run_integration_tests.sh
index 0b59bd235..e1bc35ff3 100755
--- a/scripts/run_integration_tests.sh
+++ b/scripts/run_integration_tests.sh
@@ -210,11 +210,15 @@ sudo ip tuntap add name vunet-tap0 mode tap
 # Create tap interface with multipe queues support for vhost_user_net test.
 sudo ip tuntap add name vunet-tap1 mode tap multi_queue
+
 cargo build --release --target $BUILD_TARGET
 strip target/$BUILD_TARGET/release/cloud-hypervisor
 strip target/$BUILD_TARGET/release/vhost_user_net
 strip target/$BUILD_TARGET/release/ch-remote
+# Copy for non-privileged net test
+cp target/$BUILD_TARGET/release/cloud-hypervisor target/$BUILD_TARGET/release/cloud-hypervisor-unprivileged
+
 sudo setcap cap_net_admin+ep target/$BUILD_TARGET/release/cloud-hypervisor
 sudo setcap cap_net_admin+ep target/$BUILD_TARGET/release/vhost_user_net
diff --git a/tests/integration.rs b/tests/integration.rs
index ddf910009..32e5d697c 100644
--- a/tests/integration.rs
+++ b/tests/integration.rs
@@ -855,8 +855,12 @@ mod tests {
 impl<'a> GuestCommand<'a> {
 fn new(guest: &'a Guest) -> Self {
+ Self::new_with_binary_name(guest, "cloud-hypervisor")
+ }
+
+ fn new_with_binary_name(guest: &'a Guest, binary_name: &str) -> Self {
 Self {
- command: Command::new(clh_command("cloud-hypervisor")),
+ command: Command::new(clh_command(binary_name)),
 guest,
 capture_output: false,
 }
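Review bot: Nothing in the added `cp` step confirms that `cloud-hypervisor-unprivileged` really ends up without `cap_net_admin`; the only guarantee is that the copy is taken before the two `setcap` lines, so a later reordering would let the new test pass for the wrong reason. State that dependency in the comment, e.g. `# Copy taken before setcap so this binary carries no file capabilities`, and consider failing fast if the copy has any, e.g. `[ -z "$(getcap target/$BUILD_TARGET/release/cloud-hypervisor-unprivileged)" ] || exit 1`. If the test run itself executes as root, which this hunk does not show, the absent file capability would not make the process unprivileged.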
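Review bot: `new_with_binary_name` has no doc comment, and nothing in this file explains why a second binary name is needed. Suggest adding `/// Like new(), but runs the named binary resolved through clh_command(); lets a test pick the copy that has no file capabilities.` above the function. The `impl` block continues outside the hunk.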
@@ -2359,6 +2363,62 @@ mod tests {
 });
 }
+ #[cfg_attr(not(feature = "mmio"), test)]
+ fn test_unprivileged_net() {
+ test_block!(tb, "", {
+ let mut clear = ClearDiskConfig::new();
+ let guest = Guest::new(&mut clear);
+
+ let host_ip = &guest.network.host_ip;
+
+ std::process::Command::new("bash")
+ .args(&["-c", "sudo ip tuntap add name chtap0 mode tap"])
+ .status()
+ .expect("Expected creating interface to work");
+
+ std::process::Command::new("bash")
+ .args(&["-c", &format!("sudo ip addr add {}/24 dev chtap0", host_ip)])
+ .status()
+ .expect("Expected programming interface to work");
+
+ std::process::Command::new("bash")
+ .args(&["-c", "sudo ip link set dev chtap0 up"])
+ .status()
+ .expect("Expected upping interface to work");
+
+ let mut child =
+ GuestCommand::new_with_binary_name(&guest, "cloud-hypervisor-unprivileged")
+ .args(&["--cpus", "boot=1"])
+ .args(&["--memory", "size=512M"])
+ .args(&["--kernel", guest.fw_path.as_str()])
+ .default_disks()
+ .args(&[
+ "--net",
+ format!("tap=chtap0,mac={}", guest.network.guest_mac).as_str(),
+ ])
+ .spawn()
+ .unwrap();
+
+ thread::sleep(std::time::Duration::new(20, 0));
+
+ // 1 network interfaces + default localhost ==> 2 interfaces
+ aver_eq!(
+ tb,
+ guest
+ .ssh_command("ip -o link | wc -l")
+ .unwrap_or_default()
+ .trim()
+ .parse::()
+ .unwrap_or_default(),
+ 2
+ );
+
+ let _ = child.kill();
+ let _ = child.wait();
+ Ok(())
+ });
+ }
+
 fn test_serial_off() {
 test_block!(tb, "", {
 let mut clear = ClearDiskConfig::new();
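Review bot: The three `sudo ip` setup calls in `test_unprivileged_net` only `expect` that bash could be spawned; `.status()` is `Ok` for a non-zero exit too, so a failed `ip tuntap add` or `ip addr add` goes unnoticed and the guest boots against whatever `chtap0` state the host already has. The tap is also never removed, so it stays on the host after the run and the next run's `add` would likely fail without being reported. Check `success()` on each status and delete the interface after `child.wait()`. Because the tap is created without a `user` owner, any local account able to open /dev/net/tun can presumably attach to it while it exists; `ip tuntap add ... user <name>` would narrow that on a shared CI host.

```rust
let status = std::process::Command::new("bash")
    .args(&["-c", "sudo ip tuntap add name chtap0 mode tap"])
    .status()
    .expect("Expected creating interface to work");
assert!(status.success(), "ip tuntap add exited with {}", status);

// … unchanged apart from the same success() check: ip addr add, ip link set …
// … unchanged: guest spawn, sleep, interface-count aver_eq! …

let _ = child.kill();
let _ = child.wait();
// Remove the persistent tap so nothing outlives the test on the host.
let _ = std::process::Command::new("bash")
    .args(&["-c", "sudo ip tuntap del name chtap0 mode tap"])
    .status();
Ok(())
```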