mirror of
https://github.com/cloud-hypervisor/cloud-hypervisor.git
synced 2024-07-07 10:15:45 +00:00
tests: Add integration test for unprivileged network
This tests whether we can have a working network without having CAP_NET_ADMIN. Signed-off-by: Rob Bradford <robert.bradford@intel.com>
This commit is contained in:
parent
9b71ba20ac
commit
aa79a92c35
@ -210,11 +210,15 @@ sudo ip tuntap add name vunet-tap0 mode tap
|
|||||||
# Create tap interface with multipe queues support for vhost_user_net test.
|
# Create tap interface with multipe queues support for vhost_user_net test.
|
||||||
sudo ip tuntap add name vunet-tap1 mode tap multi_queue
|
sudo ip tuntap add name vunet-tap1 mode tap multi_queue
|
||||||
|
|
||||||
|
|
||||||
cargo build --release --target $BUILD_TARGET
|
cargo build --release --target $BUILD_TARGET
|
||||||
strip target/$BUILD_TARGET/release/cloud-hypervisor
|
strip target/$BUILD_TARGET/release/cloud-hypervisor
|
||||||
strip target/$BUILD_TARGET/release/vhost_user_net
|
strip target/$BUILD_TARGET/release/vhost_user_net
|
||||||
strip target/$BUILD_TARGET/release/ch-remote
|
strip target/$BUILD_TARGET/release/ch-remote
|
||||||
|
|
||||||
|
# Copy for non-privileged net test
|
||||||
|
cp target/$BUILD_TARGET/release/cloud-hypervisor target/$BUILD_TARGET/release/cloud-hypervisor-unprivileged
|
||||||
|
|
||||||
sudo setcap cap_net_admin+ep target/$BUILD_TARGET/release/cloud-hypervisor
|
sudo setcap cap_net_admin+ep target/$BUILD_TARGET/release/cloud-hypervisor
|
||||||
sudo setcap cap_net_admin+ep target/$BUILD_TARGET/release/vhost_user_net
|
sudo setcap cap_net_admin+ep target/$BUILD_TARGET/release/vhost_user_net
|
||||||
|
|
||||||
|
@ -855,8 +855,12 @@ mod tests {
|
|||||||
|
|
||||||
impl<'a> GuestCommand<'a> {
|
impl<'a> GuestCommand<'a> {
|
||||||
fn new(guest: &'a Guest) -> Self {
|
fn new(guest: &'a Guest) -> Self {
|
||||||
|
Self::new_with_binary_name(guest, "cloud-hypervisor")
|
||||||
|
}
|
||||||
|
|
||||||
|
fn new_with_binary_name(guest: &'a Guest, binary_name: &str) -> Self {
|
||||||
Self {
|
Self {
|
||||||
command: Command::new(clh_command("cloud-hypervisor")),
|
command: Command::new(clh_command(binary_name)),
|
||||||
guest,
|
guest,
|
||||||
capture_output: false,
|
capture_output: false,
|
||||||
}
|
}
|
||||||
@ -2359,6 +2363,62 @@ mod tests {
|
|||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[cfg_attr(not(feature = "mmio"), test)]
|
||||||
|
fn test_unprivileged_net() {
|
||||||
|
test_block!(tb, "", {
|
||||||
|
let mut clear = ClearDiskConfig::new();
|
||||||
|
let guest = Guest::new(&mut clear);
|
||||||
|
|
||||||
|
let host_ip = &guest.network.host_ip;
|
||||||
|
|
||||||
|
std::process::Command::new("bash")
|
||||||
|
.args(&["-c", "sudo ip tuntap add name chtap0 mode tap"])
|
||||||
|
.status()
|
||||||
|
.expect("Expected creating interface to work");
|
||||||
|
|
||||||
|
std::process::Command::new("bash")
|
||||||
|
.args(&["-c", &format!("sudo ip addr add {}/24 dev chtap0", host_ip)])
|
||||||
|
.status()
|
||||||
|
.expect("Expected programming interface to work");
|
||||||
|
|
||||||
|
std::process::Command::new("bash")
|
||||||
|
.args(&["-c", "sudo ip link set dev chtap0 up"])
|
||||||
|
.status()
|
||||||
|
.expect("Expected upping interface to work");
|
||||||
|
|
||||||
|
let mut child =
|
||||||
|
GuestCommand::new_with_binary_name(&guest, "cloud-hypervisor-unprivileged")
|
||||||
|
.args(&["--cpus", "boot=1"])
|
||||||
|
.args(&["--memory", "size=512M"])
|
||||||
|
.args(&["--kernel", guest.fw_path.as_str()])
|
||||||
|
.default_disks()
|
||||||
|
.args(&[
|
||||||
|
"--net",
|
||||||
|
format!("tap=chtap0,mac={}", guest.network.guest_mac).as_str(),
|
||||||
|
])
|
||||||
|
.spawn()
|
||||||
|
.unwrap();
|
||||||
|
|
||||||
|
thread::sleep(std::time::Duration::new(20, 0));
|
||||||
|
|
||||||
|
// 1 network interfaces + default localhost ==> 2 interfaces
|
||||||
|
aver_eq!(
|
||||||
|
tb,
|
||||||
|
guest
|
||||||
|
.ssh_command("ip -o link | wc -l")
|
||||||
|
.unwrap_or_default()
|
||||||
|
.trim()
|
||||||
|
.parse::<u32>()
|
||||||
|
.unwrap_or_default(),
|
||||||
|
2
|
||||||
|
);
|
||||||
|
|
||||||
|
let _ = child.kill();
|
||||||
|
let _ = child.wait();
|
||||||
|
Ok(())
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
fn test_serial_off() {
|
fn test_serial_off() {
|
||||||
test_block!(tb, "", {
|
test_block!(tb, "", {
|
||||||
let mut clear = ClearDiskConfig::new();
|
let mut clear = ClearDiskConfig::new();
|
||||||
|
Loading…
Reference in New Issue
Block a user