all messages for Guix-related lists mirrored at yhetil.org
From: "Ludovic Courtès" <ludo@gnu.org>
To: Timmy Douglas <mail@timmydouglas.com>
Cc: 52174-done@debbugs.gnu.org
Subject: [bug#52174] [PATCH] gnu: Add podman
Date: Mon, 03 Jan 2022 12:14:27 +0100
Message-ID: <87czl9m5po.fsf@gnu.org>
In-Reply-To: <87czlbmdlu.fsf@timmydouglas.com> (Timmy Douglas's message of "Sat, 01 Jan 2022 11:59:25 -0800")

Hello,

Timmy Douglas <mail@timmydouglas.com> writes:

> Ludovic Courtès <ludo@gnu.org> writes:

[...]

>> IWBN to see if we can still run those tests somehow, or at least the
>> subset of them that doesn’t rely on /sys/fs/cgroup.  I’d argue that the
>> test harness should automatically skip tests that cannot be run; perhaps
>> worth raising upstream?
>
> I'd like to get the tests to run also, but the builder sandbox appears
> to be blocking some pretty major functionality that the tests would rely
> on.
>
> I think pretty much all of the container/crun ones would rely on the
> cgroup mount because that's the kernel interface into the container
> APIs... Is there some way that guix and the builder could eventually
> expose those by default? I don't know how receptive upstream would be
> towards an ask to run container tests with the container interface
> disabled?

The daemon probably won’t expose those; we’re rather conservative about
what to expose and how to change it because changes could break
bit-reproducible builds in unexpected ways.

I understand many/most tests require cgroups, I’m just wondering if we
can run at least those that don’t require it.  Perhaps we’re talking
about a very limited number of tests, in which case it’s moot, I don’t
know.

> For the networking ones that fail, they try to use /dev/net/tun. Like
> the cgroup one, I assume this is a kernel interface needed to perform
> network operations. I guess the builders disable this as a part of the
> network disabling stuff because the tests pass outside of the builder
> sandbox.

Yeah.

> The cni-plugins (cni=container network interface) use /var/run to mount
> network namespaces. /var/run is present on my machine but I don't think
> it exists inside the builder sandbox. The actual directory used can be
> set with XDG_RUNTIME_DIR, but it appears the code still checks the
> ownership of /var/run to see if it's running in a user namespace:
> https://github.com/containernetworking/plugins/blob/2c46a726805bcf13e2f78580c57b21e9de107285/pkg/testutils/netns_linux.go

Hmm OK.  So yeah, maybe there’s nothing we can do here.

Thanks for your feedback,
Ludo’.
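
An added example, not part of the message above and not code from podman, crun, cni-plugins or Guix: a probe a Go test suite could use to skip tests whose host interfaces are absent, as in the build sandbox discussed in this thread. Only the three paths come from the thread; the names `Missing`, `SkipUnless` and the individual checks are assumptions (the probe checks presence only, not the /var/run ownership mentioned above).

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

func hasMode(mask os.FileMode) func(string) bool {
	return func(p string) bool {
		fi, err := os.Stat(p) // follows symlinks, e.g. /var/run -> /run
		return err == nil && fi.Mode()&mask != 0
	}
}

func nonEmptyDir(p string) bool { // an empty mount point means nothing is mounted
	es, err := os.ReadDir(p)
	return err == nil && len(es) > 0
}

// Host interfaces some container tests need. Names and checks are
// hypothetical; only the three paths come from the thread.
var prereqs = []struct {
	name, path string
	ok         func(string) bool
}{
	{"cgroup", "/sys/fs/cgroup", nonEmptyDir},
	{"tun", "/dev/net/tun", hasMode(os.ModeCharDevice)},
	{"netns-dir", "/var/run", hasMode(os.ModeDir)},
}

// Missing lists the needed prerequisites that are unusable under root ("/" when live).
func Missing(root string, need ...string) []string {
	var out []string
	for _, p := range prereqs {
		for _, n := range need {
			if n == p.name && !p.ok(filepath.Join(root, p.path)) {
				out = append(out, n)
			}
		}
	}
	return out
}

// SkipUnless skips the calling test; *testing.T satisfies the interface.
func SkipUnless(t interface{ Skipf(string, ...interface{}) }, need ...string) {
	if m := Missing("/", need...); len(m) > 0 {
		t.Skipf("missing host interfaces: %v", m)
	}
}

func main() { fmt.Println("unavailable here:", Missing("/", "cgroup", "tun", "netns-dir")) }
```

A test that needs cgroups would start with `SkipUnless(t, "cgroup")`, so tests that declare no prerequisite still run inside the sandbox.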



