author | jade <lix@jade.fyi> | 2024-05-05 03:57:29 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@lix-systems> | 2024-05-05 03:57:29 +0000 |
commit | fb5d6f325b1ed50ca475c1b99aee58defb09406e (patch) | |
tree | a3e01a2aa770dfa28c54ec504435e0fccf276152 /tests | |
parent | 4886d4592ba2158752ef28e36dc30566953490d1 (diff) | |
parent | 9909a175bf1602e7bb4ebfc1c9befeaa56da1fb4 (diff) |
Merge "Fix /etc/group having desynced IDs from the actual UID in the sandbox" into main
Diffstat (limited to 'tests')
-rw-r--r-- | tests/nixos/broken-userns.nix | 66 | ||||
-rw-r--r-- | tests/nixos/default.nix | 2 |
2 files changed, 68 insertions, 0 deletions
diff --git a/tests/nixos/broken-userns.nix b/tests/nixos/broken-userns.nix
new file mode 100644
index 000000000..a48467193
--- /dev/null
+++ b/tests/nixos/broken-userns.nix
@@ -0,0 +1,66 @@
+# Lix should be able to build derivations that want working NSS, even with
+# broken user namespaces support
+{ ... }:
+let
+ testDerivation = builtins.toFile "test.nix" ''
+ { cacheBreak }:
+ let pkgs = import <nixpkgs> { };
+ in
+ pkgs.runCommand "test" { } '''
+ # ''${cacheBreak}
+ id -g
+ id -u
+ echo "GROUP"
+ cat /etc/group
+ echo "PASSWD"
+ cat /etc/passwd
+
+ username=$(id -un)
+ groupname=$(id -gn)
+ [[ "$username" =~ nixbld* ]]
+ [[ "$groupname" =~ nixbld* ]]
+ touch $out
+ '''
+ '';
+in
+{
+ name = "broken-userns";
+
+ nodes.machine =
+ {
+ config,
+ lib,
+ pkgs,
+ ...
+ }:
+ {
+ virtualisation.writableStore = true;
+ nix.settings.substituters = lib.mkForce [ ];
+ nix.nixPath = [ "nixpkgs=${lib.cleanSource pkgs.path}" ];
+ virtualisation.additionalPaths = [
+ pkgs.stdenvNoCC
+ testDerivation
+ ];
+ };
+
+ testScript =
+ { nodes }:
+ ''
+ start_all()
+
+ # Building it normally should work
+ machine.succeed(r"""
+ nix-build --argstr cacheBreak 1 --store daemon ${testDerivation}
+ """)
+
+ # Building it with broken userns should also work
+ machine.succeed(r"""
+ # break user ns
+ sysctl -w user.max_user_namespaces=0
+ """)
+ machine.systemctl("restart nix-daemon")
+ machine.succeed(r"""
+ nix-build --argstr cacheBreak 2 --store daemon ${testDerivation}
+ """)
+ '';
+}
diff --git a/tests/nixos/default.nix b/tests/nixos/default.nix
index 3d0a1f0c6..987463b07 100644
--- a/tests/nixos/default.nix
+++ b/tests/nixos/default.nix
@@ -164,4 +164,6 @@ in
 symlinkResolvconf = runNixOSTestFor "x86_64-linux" ./symlink-resolvconf.nix;
 rootInSandbox = runNixOSTestFor "x86_64-linux" ./root-in-sandbox;
+
+ broken-userns = runNixOSTestFor "x86_64-linux" ./broken-userns.nix;
 } |
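Review bot: The two name checks near the end of the derivation body in tests/nixos/broken-userns.nix, `[[ "$username" =~ nixbld* ]]` and `[[ "$groupname" =~ nixbld* ]]`, are looser than they read. With `=~` the right-hand side is an unanchored regular expression in which `*` repeats only the `d`, so any name that merely contains `nixbl` passes. Since these lines are the test's only assertion that the sandbox's passwd and group entries agree with the build user's real IDs, anchor them, for example `[[ "$username" =~ ^nixbld[0-9]*$ ]]` and the same for `$groupname` (assuming the expected names are `nixbld` with an optional numeric suffix). A short comment above them would also help, such as `# id -un / id -gn fail when the current UID/GID has no passwd/group entry`, because the preceding `id` and `cat` lines only log.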