guix-patches

[bug#52174] [PATCH] gnu: Add podman


From: Ludovic Courtès
Subject: [bug#52174] [PATCH] gnu: Add podman
Date: Mon, 03 Jan 2022 12:14:27 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)

Hello,

Timmy Douglas <mail@timmydouglas.com> skribis:

> Ludovic Courtès <ludo@gnu.org> writes:

[...]

>> IWBN to see if we can still run those tests somehow, or at least the
>> subset of them that doesn’t rely on /sys/fs/cgroup.  I’d argue that the
>> test harness should automatically skip tests that cannot be run; perhaps
>> worth raising upstream?
>
> I'd like to get the tests to run also, but the builder sandbox appears
> to be blocking some pretty major functionality that the tests would rely
> on.
>
> I think pretty much all of the container/crun ones would rely on the
> cgroup mount because that's the kernel interface into the container
> APIs... Is there some way that guix and the builder could eventually
> expose those by default? I don't know how receptive upstream would be
> towards an ask to run container tests with the container interface
> disabled?

The daemon probably won’t expose those; we’re rather conservative about
what to expose and how to change it, because changes could break
bit-reproducible builds in unexpected ways.

I understand many/most tests require cgroups, I’m just wondering if we
can run at least those that don’t require it.  Perhaps we’re talking
about a very limited number of tests, in which case it’s moot, I don’t
know.

> For the networking ones that fail, they try to use /dev/net/tun. Like
> the cgroup one, I assume this is a kernel interface needed to perform
> network operations. I guess the builders disable this as a part of the
> network disabling stuff because the tests pass outside of the builder
> sandbox.

Yeah.

> The cni-plugins (cni=container network interface) use /var/run to mount
> network namespaces. /var/run is present on my machine but I don't think
> it exists inside the builder sandbox. The actual directory used can be
> set with XDG_RUNTIME_DIR, but it appears the code still checks the
> ownership of /var/run to see if it's running in a user namespace:
> https://github.com/containernetworking/plugins/blob/2c46a726805bcf13e2f78580c57b21e9de107285/pkg/testutils/netns_linux.go

Hmm OK.  So yeah, maybe there’s nothing we can do here.

Thanks for your feedback,
Ludo’.
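One way to realise the automatic skipping discussed above, as an added Go example that is not part of this patch, of podman, or of cni-plugins: a test helper probes the three kernel interfaces the thread names as absent from the build sandbox and skips the test instead of failing it. The prerequisite list, the helper names and the use of a root prefix for testing are assumptions.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"testing"
)

// prereq describes one kernel interface a container test depends on.
// The paths are the ones the thread identifies as missing inside the
// Guix build sandbox (assumed list; extend as needed).
type prereq struct {
	Name string
	Path string
}

var containerPrereqs = []prereq{
	{"cgroup filesystem (container/crun tests)", "/sys/fs/cgroup"},
	{"TUN/TAP device (networking tests)", "/dev/net/tun"},
	{"runtime directory used by the cni-plugins netns helpers", "/var/run"},
}

// missingPrereqs returns a "name: path" entry for every prerequisite
// whose path does not exist under root. Real callers pass "/"; tests
// pass a scratch directory so the result does not depend on the host.
func missingPrereqs(root string, reqs []prereq) []string {
	var missing []string
	for _, r := range reqs {
		if _, err := os.Stat(filepath.Join(root, r.Path)); err != nil {
			missing = append(missing, fmt.Sprintf("%s: %s", r.Name, r.Path))
		}
	}
	return missing
}

// skipUnlessContainerCapable is called at the top of a test that needs
// the container interfaces; in a sandbox without them the test is
// reported as skipped rather than failed.
func skipUnlessContainerCapable(t *testing.T) {
	t.Helper()
	if missing := missingPrereqs("/", containerPrereqs); len(missing) > 0 {
		t.Skipf("sandbox lacks container interfaces: %v", missing)
	}
}

func main() {
	fmt.Println("missing on this host:", missingPrereqs("/", containerPrereqs))
}
```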
