This pulls a lot of common code out of lxc_user_nic.c.  It also
moves one function from conf.c that was duplicated in lxc_user_nic.c
(It removes a DEBUG statement because (a) it doesn't seem actually
useful and (b) DEBUG doesn't work in network.c).

Also replace the old test, which exercised only the parsing code, with
a skeleton for a full test.  (Note: the test will need some work; it is
only there as a do-what-I-mean code example.)

Signed-off-by: Serge Hallyn <serge.hal...@ubuntu.com>
---
 src/lxc/Makefile.am        |   2 +-
 src/lxc/conf.c             |  41 -----
 src/lxc/lxc_user_nic.c     | 403 +--------------------------------------------
 src/lxc/network.c          |  45 ++++-
 src/lxc/network.h          |   4 +
 src/tests/Makefile.am      |   4 +-
 src/tests/lxc-test-usernic | 126 +++++++++++---
 7 files changed, 156 insertions(+), 469 deletions(-)

diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am
index bcb644e..6534381 100644
--- a/src/lxc/Makefile.am
+++ b/src/lxc/Makefile.am
@@ -222,7 +222,7 @@ lxc_kill_SOURCES = lxc_kill.c
 lxc_create_SOURCES = lxc_create.c
 lxc_snapshot_SOURCES = lxc_snapshot.c
 lxc_usernsexec_SOURCES = lxc_usernsexec.c
-lxc_user_nic_SOURCES = lxc_user_nic.c
+lxc_user_nic_SOURCES = lxc_user_nic.c network.c network.h
 
 install-exec-local: install-soPROGRAMS
        mkdir -p $(DESTDIR)$(datadir)/lxc
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 4b786b1..860fc5b 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -2583,47 +2583,6 @@ void lxc_rename_phys_nics_on_shutdown(struct lxc_conf 
*conf)
        free(conf->saved_nics);
 }
 
-static int setup_private_host_hw_addr(char *veth1)
-{
-       struct ifreq ifr;
-       int err;
-       int sockfd;
-
-       process_lock();
-       sockfd = socket(AF_INET, SOCK_DGRAM, 0);
-       process_unlock();
-       if (sockfd < 0)
-               return -errno;
-
-       snprintf((char *)ifr.ifr_name, IFNAMSIZ, "%s", veth1);
-       err = ioctl(sockfd, SIOCGIFHWADDR, &ifr);
-       if (err < 0) {
-               process_lock();
-               close(sockfd);
-               process_unlock();
-               return -errno;
-       }
-
-       ifr.ifr_hwaddr.sa_data[0] = 0xfe;
-       err = ioctl(sockfd, SIOCSIFHWADDR, &ifr);
-       process_lock();
-       close(sockfd);
-       process_unlock();
-       if (err < 0)
-               return -errno;
-
-       DEBUG("mac address of host interface '%s' changed to private "
-             "%02x:%02x:%02x:%02x:%02x:%02x", veth1,
-             ifr.ifr_hwaddr.sa_data[0] & 0xff,
-             ifr.ifr_hwaddr.sa_data[1] & 0xff,
-             ifr.ifr_hwaddr.sa_data[2] & 0xff,
-             ifr.ifr_hwaddr.sa_data[3] & 0xff,
-             ifr.ifr_hwaddr.sa_data[4] & 0xff,
-             ifr.ifr_hwaddr.sa_data[5] & 0xff);
-
-       return 0;
-}
-
 static char *default_rootfs_mount = LXCROOTFSMOUNT;
 
 struct lxc_conf *lxc_conf_init(void)
diff --git a/src/lxc/lxc_user_nic.c b/src/lxc/lxc_user_nic.c
index 952fe14..af1e944 100644
--- a/src/lxc/lxc_user_nic.c
+++ b/src/lxc/lxc_user_nic.c
@@ -45,51 +45,9 @@
 #include <linux/rtnetlink.h>
 #include <linux/sockios.h>
 #include <sys/param.h>
-#include <sched.h>
 #include "config.h"
 #include "utils.h"
-
-#if ISTEST
-#define CONF_FILE "/tmp/lxc-usernet"
-#define DB_FILE "/tmp/nics"
-#else
-#define CONF_FILE LXC_USERNIC_CONF
-#define DB_FILE LXC_USERNIC_DB
-#endif
-
-#include "nl.h"
-
-#ifndef IFLA_LINKMODE
-#  define IFLA_LINKMODE 17
-#endif
-
-#ifndef IFLA_LINKINFO
-#  define IFLA_LINKINFO 18
-#endif
-
-#ifndef IFLA_NET_NS_PID
-#  define IFLA_NET_NS_PID 19
-#endif
-
-#ifndef IFLA_INFO_KIND
-# define IFLA_INFO_KIND 1
-#endif
-
-#ifndef IFLA_VLAN_ID
-# define IFLA_VLAN_ID 1
-#endif
-
-#ifndef IFLA_INFO_DATA
-#  define IFLA_INFO_DATA 2
-#endif
-
-#ifndef VETH_INFO_PEER
-# define VETH_INFO_PEER 1
-#endif
-
-#ifndef IFLA_MACVLAN_MODE
-# define IFLA_MACVLAN_MODE 1
-#endif
+#include "network.h"
 
 void usage(char *me, bool fail)
 {
@@ -146,14 +104,14 @@ static char *get_username(void)
  */
 static int get_alloted(char *me, char *intype, char *link)
 {
-       FILE *fin = fopen(CONF_FILE, "r");
+       FILE *fin = fopen(LXC_USERNIC_CONF, "r");
        char *line = NULL;
        char user[100], type[100], br[100];
        size_t len = 0;
        int n = -1, ret;
 
        if (!fin) {
-               fprintf(stderr, "Failed to open %s: %s\n", CONF_FILE,
+               fprintf(stderr, "Failed to open %s: %s\n", LXC_USERNIC_CONF,
                        strerror(errno));
                return -1;
        }
@@ -229,11 +187,7 @@ static bool nic_exists(char *nic)
        int ret;
        struct stat sb;
 
-#if ISTEST
-       ret = snprintf(path, MAXPATHLEN, "/tmp/lxcnettest/%s", nic);
-#else
        ret = snprintf(path, MAXPATHLEN, "/sys/class/net/%s", nic);
-#endif
        if (ret < 0 || ret >= MAXPATHLEN) // should never happen!
                return true;
        ret = stat(path, &sb);
@@ -242,198 +196,6 @@ static bool nic_exists(char *nic)
        return true;
 }
 
-struct link_req {
-       struct nlmsg nlmsg;
-       struct ifinfomsg ifinfomsg;
-};
-
-#if ! ISTEST
-
-static int lxc_veth_create(const char *name1, const char *name2)
-{
-       struct nl_handler nlh;
-       struct nlmsg *nlmsg = NULL, *answer = NULL;
-       struct link_req *link_req;
-       struct rtattr *nest1, *nest2, *nest3;
-       int len, err;
-
-       err = netlink_open(&nlh, NETLINK_ROUTE);
-       if (err)
-               return err;
-
-       err = -EINVAL;
-       len = strlen(name1);
-       if (len == 1 || len >= IFNAMSIZ)
-               goto out;
-
-       len = strlen(name2);
-       if (len == 1 || len >= IFNAMSIZ)
-               goto out;
-
-       err = -ENOMEM;
-       nlmsg = nlmsg_alloc(NLMSG_GOOD_SIZE);
-       if (!nlmsg)
-               goto out;
-
-       answer = nlmsg_alloc(NLMSG_GOOD_SIZE);
-       if (!answer)
-               goto out;
-
-       link_req = (struct link_req *)nlmsg;
-       link_req->ifinfomsg.ifi_family = AF_UNSPEC;
-       nlmsg->nlmsghdr.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg));
-       nlmsg->nlmsghdr.nlmsg_flags =
-               NLM_F_REQUEST|NLM_F_CREATE|NLM_F_EXCL|NLM_F_ACK;
-       nlmsg->nlmsghdr.nlmsg_type = RTM_NEWLINK;
-
-       err = -EINVAL;
-       nest1 = nla_begin_nested(nlmsg, IFLA_LINKINFO);
-       if (!nest1)
-               goto out;
-
-       if (nla_put_string(nlmsg, IFLA_INFO_KIND, "veth"))
-               goto out;
-
-       nest2 = nla_begin_nested(nlmsg, IFLA_INFO_DATA);
-       if (!nest2)
-               goto out;
-
-       nest3 = nla_begin_nested(nlmsg, VETH_INFO_PEER);
-       if (!nest3)
-               goto out;
-
-       nlmsg->nlmsghdr.nlmsg_len += sizeof(struct ifinfomsg);
-
-       if (nla_put_string(nlmsg, IFLA_IFNAME, name2))
-               goto out;
-
-       nla_end_nested(nlmsg, nest3);
-
-       nla_end_nested(nlmsg, nest2);
-
-       nla_end_nested(nlmsg, nest1);
-
-       if (nla_put_string(nlmsg, IFLA_IFNAME, name1))
-               goto out;
-
-       err = netlink_transaction(&nlh, nlmsg, answer);
-out:
-       netlink_close(&nlh);
-       nlmsg_free(answer);
-       nlmsg_free(nlmsg);
-       return err;
-}
-
-static int lxc_netdev_move(char *ifname, pid_t pid)
-{
-       struct nl_handler nlh;
-       struct nlmsg *nlmsg = NULL;
-       struct link_req *link_req;
-       int err, index;
-
-       index = if_nametoindex(ifname);
-       if (!ifname)
-               return -EINVAL;
-
-       err = netlink_open(&nlh, NETLINK_ROUTE);
-       if (err)
-               return err;
-
-       err = -ENOMEM;
-       nlmsg = nlmsg_alloc(NLMSG_GOOD_SIZE);
-       if (!nlmsg)
-               goto out;
-
-       link_req = (struct link_req *)nlmsg;
-       link_req->ifinfomsg.ifi_family = AF_UNSPEC;
-       link_req->ifinfomsg.ifi_index = index;
-       nlmsg->nlmsghdr.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg));
-       nlmsg->nlmsghdr.nlmsg_flags = NLM_F_REQUEST|NLM_F_ACK;
-       nlmsg->nlmsghdr.nlmsg_type = RTM_NEWLINK;
-
-       if (nla_put_u32(nlmsg, IFLA_NET_NS_PID, pid))
-               goto out;
-
-       err = netlink_transaction(&nlh, nlmsg, nlmsg);
-out:
-       netlink_close(&nlh);
-       nlmsg_free(nlmsg);
-       return err;
-}
-
-static int setup_private_host_hw_addr(char *veth1)
-{
-       struct ifreq ifr;
-       int err;
-       int sockfd;
-
-       sockfd = socket(AF_INET, SOCK_DGRAM, 0);
-       if (sockfd < 0)
-               return -errno;
-
-       snprintf((char *)ifr.ifr_name, IFNAMSIZ, "%s", veth1);
-       err = ioctl(sockfd, SIOCGIFHWADDR, &ifr);
-       if (err < 0) {
-               close(sockfd);
-               return -errno;
-       }
-
-       ifr.ifr_hwaddr.sa_data[0] = 0xfe;
-       err = ioctl(sockfd, SIOCSIFHWADDR, &ifr);
-       close(sockfd);
-       if (err < 0)
-               return -errno;
-
-       return 0;
-}
-
-static int netdev_set_flag(const char *name, int flag)
-{
-       struct nl_handler nlh;
-       struct nlmsg *nlmsg = NULL, *answer = NULL;
-       struct link_req *link_req;
-       int index, len, err;
-
-       err = netlink_open(&nlh, NETLINK_ROUTE);
-       if (err)
-               return err;
-
-       err = -EINVAL;
-       len = strlen(name);
-       if (len == 1 || len >= IFNAMSIZ)
-               goto out;
-
-       err = -ENOMEM;
-       nlmsg = nlmsg_alloc(NLMSG_GOOD_SIZE);
-       if (!nlmsg)
-               goto out;
-
-       answer = nlmsg_alloc(NLMSG_GOOD_SIZE);
-       if (!answer)
-               goto out;
-
-       err = -EINVAL;
-       index = if_nametoindex(name);
-       if (!index)
-               goto out;
-
-       link_req = (struct link_req *)nlmsg;
-       link_req->ifinfomsg.ifi_family = AF_UNSPEC;
-       link_req->ifinfomsg.ifi_index = index;
-       link_req->ifinfomsg.ifi_change |= IFF_UP;
-       link_req->ifinfomsg.ifi_flags |= flag;
-       nlmsg->nlmsghdr.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg));
-       nlmsg->nlmsghdr.nlmsg_flags = NLM_F_REQUEST|NLM_F_ACK;
-       nlmsg->nlmsghdr.nlmsg_type = RTM_NEWLINK;
-
-       err = netlink_transaction(&nlh, nlmsg, answer);
-out:
-       netlink_close(&nlh);
-       nlmsg_free(nlmsg);
-       nlmsg_free(answer);
-       return err;
-}
-
 static int instanciate_veth(char *n1, char **n2)
 {
        int err;
@@ -463,99 +225,8 @@ static int instanciate_veth(char *n1, char **n2)
        return netdev_set_flag(n1, IFF_UP);
 }
 
-static int lxc_bridge_attach(const char *bridge, const char *ifname)
-{
-       int fd, index, err;
-       struct ifreq ifr;
-
-       if (strlen(ifname) >= IFNAMSIZ)
-               return -EINVAL;
-
-       index = if_nametoindex(ifname);
-       if (!index)
-               return -EINVAL;
-
-       fd = socket(AF_INET, SOCK_STREAM, 0);
-       if (fd < 0)
-               return -errno;
-
-       strncpy(ifr.ifr_name, bridge, IFNAMSIZ-1);
-       ifr.ifr_name[IFNAMSIZ-1] = '\0';
-       ifr.ifr_ifindex = index;
-       err = ioctl(fd, SIOCBRADDIF, &ifr);
-       close(fd);
-       if (err)
-               err = -errno;
-
-       return err;
-}
-
-static int lxc_netdev_delete_by_index(int ifindex)
-{
-       struct nl_handler nlh;
-       struct nlmsg *nlmsg = NULL, *answer = NULL;
-       struct link_req *link_req;
-       int err;
-
-       err = netlink_open(&nlh, NETLINK_ROUTE);
-       if (err)
-               return err;
-
-       err = -ENOMEM;
-       nlmsg = nlmsg_alloc(NLMSG_GOOD_SIZE);
-       if (!nlmsg)
-               goto out;
-
-       answer = nlmsg_alloc(NLMSG_GOOD_SIZE);
-       if (!answer)
-               goto out;
-
-       link_req = (struct link_req *)nlmsg;
-       link_req->ifinfomsg.ifi_family = AF_UNSPEC;
-       link_req->ifinfomsg.ifi_index = ifindex;
-       nlmsg->nlmsghdr.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg));
-       nlmsg->nlmsghdr.nlmsg_flags = NLM_F_ACK|NLM_F_REQUEST;
-       nlmsg->nlmsghdr.nlmsg_type = RTM_DELLINK;
-
-       err = netlink_transaction(&nlh, nlmsg, answer);
-out:
-       netlink_close(&nlh);
-       nlmsg_free(answer);
-       nlmsg_free(nlmsg);
-       return err;
-}
-
-static int lxc_netdev_delete_by_name(const char *name)
-{
-       int index;
-
-       index = if_nametoindex(name);
-       if (!index)
-               return -EINVAL;
-
-       return lxc_netdev_delete_by_index(index);
-}
-#else
-static int lxc_netdev_delete_by_name(const char *name)
-{
-       char path[200];
-       sprintf(path, "/tmp/lxcnettest/%s", name);
-       return unlink(path);
-}
-
-#endif
-
 static bool create_nic(char *nic, char *br, int pid, char **cnic)
 {
-#if ISTEST
-       char path[200];
-       sprintf(path, "/tmp/lxcnettest/%s", nic);
-       int fd = open(path, O_RDWR|O_CREAT, S_IWUSR | S_IRUSR);
-       if (fd < 0)
-               return false;
-       close(fd);
-       return true;
-#else
        char *veth1buf, *veth2buf;
        veth1buf = alloca(IFNAMSIZ);
        veth2buf = alloca(IFNAMSIZ);
@@ -580,7 +251,7 @@ static bool create_nic(char *nic, char *br, int pid, char 
**cnic)
        }
 
        /* pass veth2 to target netns */
-       ret = lxc_netdev_move(veth2buf, pid);
+       ret = lxc_netdev_move_by_name(veth2buf, pid);
        if (ret < 0) {
                fprintf(stderr, "Error moving %s to netns %d\n", veth2buf, pid);
                goto out_del;
@@ -591,7 +262,6 @@ static bool create_nic(char *nic, char *br, int pid, char 
**cnic)
 out_del:
        lxc_netdev_delete_by_name(veth1buf);
        return false;
-#endif
 }
 
 /*
@@ -775,65 +445,6 @@ again:
        goto again;
 }
 
-static int lxc_netdev_rename_by_index(int ifindex, const char *newname)
-{
-       struct nl_handler nlh;
-       struct nlmsg *nlmsg = NULL, *answer = NULL;
-       struct link_req *link_req;
-       int len, err;
-
-       err = netlink_open(&nlh, NETLINK_ROUTE);
-       if (err)
-               return err;
-
-       len = strlen(newname);
-       if (len == 1 || len >= IFNAMSIZ)
-               goto out;
-
-       err = -ENOMEM;
-       nlmsg = nlmsg_alloc(NLMSG_GOOD_SIZE);
-       if (!nlmsg)
-               goto out;
-
-       answer = nlmsg_alloc(NLMSG_GOOD_SIZE);
-       if (!answer)
-               goto out;
-
-       link_req = (struct link_req *)nlmsg;
-       link_req->ifinfomsg.ifi_family = AF_UNSPEC;
-       link_req->ifinfomsg.ifi_index = ifindex;
-       nlmsg->nlmsghdr.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg));
-       nlmsg->nlmsghdr.nlmsg_flags = NLM_F_ACK|NLM_F_REQUEST;
-       nlmsg->nlmsghdr.nlmsg_type = RTM_NEWLINK;
-
-       if (nla_put_string(nlmsg, IFLA_IFNAME, newname))
-               goto out;
-
-       err = netlink_transaction(&nlh, nlmsg, answer);
-out:
-       netlink_close(&nlh);
-       nlmsg_free(answer);
-       nlmsg_free(nlmsg);
-       return err;
-}
-
-static int lxc_netdev_rename_by_name(const char *oldname, const char *newname)
-{
-       int len, index;
-
-       len = strlen(oldname);
-       if (len == 1 || len >= IFNAMSIZ)
-               return -EINVAL;
-
-       index = if_nametoindex(oldname);
-       if (!index) {
-               fprintf(stderr, "Error getting ifindex for %s\n", oldname);
-               return -EINVAL;
-       }
-
-       return lxc_netdev_rename_by_index(index, newname);
-}
-
 static int rename_in_ns(int pid, char *oldname, char *newname)
 {
        char nspath[MAXPATHLEN];
@@ -952,13 +563,13 @@ int main(int argc, char *argv[])
                exit(1);
        }
 
-       if (!create_db_dir(DB_FILE)) {
+       if (!create_db_dir(LXC_USERNIC_DB)) {
                fprintf(stderr, "Failed to create directory for db file\n");
                exit(1);
        }
 
-       if ((fd = open_and_lock(DB_FILE)) < 0) {
-               fprintf(stderr, "Failed to lock %s\n", DB_FILE);
+       if ((fd = open_and_lock(LXC_USERNIC_DB)) < 0) {
+               fprintf(stderr, "Failed to lock %s\n", LXC_USERNIC_DB);
                exit(1);
        }
 
diff --git a/src/lxc/network.c b/src/lxc/network.c
index c30287e..94ff1f0 100644
--- a/src/lxc/network.c
+++ b/src/lxc/network.c
@@ -130,6 +130,17 @@ out:
        return err;
 }
 
+int lxc_netdev_move_by_name(char *ifname, pid_t pid)
+{
+       int index;
+
+       index = if_nametoindex(ifname);
+       if (!ifname)
+               return -EINVAL;
+
+       return lxc_netdev_move_by_index(index, pid);
+}
+
 int lxc_netdev_delete_by_index(int ifindex)
 {
        struct nl_handler nlh;
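Review bot: In `lxc_netdev_move_by_name` the guard tests the wrong variable: `if (!ifname)` runs after `if_nametoindex(ifname)` has already used the pointer, and the returned `index` is never checked. if_nametoindex() returns 0 for a name that does not resolve, so a missing interface reaches `lxc_netdev_move_by_index(0, pid)` instead of failing here, and `create_nic` in lxc_user_nic.c now depends on this path. Check the pointer before the lookup with `if (!ifname) return -EINVAL;` and the result after it with `if (!index) return -EINVAL;`. The removed `lxc_netdev_move` copy had the same mistake, so it was carried over rather than introduced by this patch.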
@@ -233,7 +244,7 @@ int lxc_netdev_rename_by_name(const char *oldname, const 
char *newname)
        return lxc_netdev_rename_by_index(index, newname);
 }
 
-static int netdev_set_flag(const char *name, int flag)
+int netdev_set_flag(const char *name, int flag)
 {
        struct nl_handler nlh;
        struct nlmsg *nlmsg = NULL, *answer = NULL;
@@ -1036,3 +1047,35 @@ const char *lxc_net_type_to_str(int type)
                return NULL;
        return lxc_network_types[type];
 }
+
+int setup_private_host_hw_addr(char *veth1)
+{
+       struct ifreq ifr;
+       int err;
+       int sockfd;
+
+       process_lock();
+       sockfd = socket(AF_INET, SOCK_DGRAM, 0);
+       process_unlock();
+       if (sockfd < 0)
+               return -errno;
+
+       snprintf((char *)ifr.ifr_name, IFNAMSIZ, "%s", veth1);
+       err = ioctl(sockfd, SIOCGIFHWADDR, &ifr);
+       if (err < 0) {
+               process_lock();
+               close(sockfd);
+               process_unlock();
+               return -errno;
+       }
+
+       ifr.ifr_hwaddr.sa_data[0] = 0xfe;
+       err = ioctl(sockfd, SIOCSIFHWADDR, &ifr);
+       process_lock();
+       close(sockfd);
+       process_unlock();
+       if (err < 0)
+               return -errno;
+
+       return 0;
+}
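Review bot: Both error paths in `setup_private_host_hw_addr` return `-errno` only after `process_lock()`, `close(sockfd)` and `process_unlock()` have run, and any of those may overwrite errno, so the caller can get the wrong code for a failed ioctl. Save it right after the failing call with `int saved_errno = errno;` and finish with `return -saved_errno;`. The `snprintf` into `ifr.ifr_name` also truncates silently; now that network.c is linked into lxc_user_nic, rejecting `strlen(veth1) >= IFNAMSIZ` with `-EINVAL` would keep the MAC change from landing on a different, shorter-named interface. With the DEBUG line gone, a one-line comment saying why the first octet is forced to `0xfe` would help the next reader.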
diff --git a/src/lxc/network.h b/src/lxc/network.h
index 0ca7a9a..58db9a1 100644
--- a/src/lxc/network.h
+++ b/src/lxc/network.h
@@ -32,6 +32,7 @@ extern int lxc_convert_mac(char *macaddr, struct sockaddr 
*sockaddr);
  * Move a device between namespaces
  */
 extern int lxc_netdev_move_by_index(int ifindex, pid_t pid);
+extern int lxc_netdev_move_by_name(char *ifname, pid_t pid);
 
 /*
  * Delete a network device
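Review bot: `lxc_netdev_move_by_name` is declared with `char *ifname`, while the neighbouring by-name helpers in this header (`lxc_netdev_rename_by_name`, `netdev_set_flag`) take `const char *`. The new implementation only passes the name to if_nametoindex(), so `extern int lxc_netdev_move_by_name(const char *ifname, pid_t pid);` would be consistent and would accept constant names. The definition in network.c needs the matching change.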
@@ -45,6 +46,8 @@ extern int lxc_netdev_delete_by_index(int ifindex);
 extern int lxc_netdev_rename_by_name(const char *oldname, const char *newname);
 extern int lxc_netdev_rename_by_index(int ifindex, const char *newname);
 
+extern int netdev_set_flag(const char *name, int flag);
+
 /*
  * Set the device network up or down
  */
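Review bot: `netdev_set_flag` becomes a public symbol here without the `lxc_` prefix the rest of this header uses, and `setup_private_host_hw_addr` in the last hunk of this file has the same issue. Both are also exported without the short block comment the other declaration groups carry. If renaming is too invasive for this patch, at least add comments along the lines of `/* Set interface flags on the named device */` and `/* Give the host-side veth a private (0xfe-prefixed) MAC address */`, worded against the network.c bodies, which are only partly visible here.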
@@ -123,4 +126,5 @@ extern int lxc_neigh_proxy_on(const char *name, int family);
 extern int lxc_neigh_proxy_off(const char *name, int family);
 
 extern const char *lxc_net_type_to_str(int type);
+extern int setup_private_host_hw_addr(char *veth1);
 #endif
diff --git a/src/tests/Makefile.am b/src/tests/Makefile.am
index cae82bf..ab956be 100644
--- a/src/tests/Makefile.am
+++ b/src/tests/Makefile.am
@@ -15,8 +15,6 @@ lxc_test_lxcpath_SOURCES = lxcpath.c
 lxc_test_cgpath_SOURCES = cgpath.c
 lxc_test_clonetest_SOURCES = clonetest.c
 lxc_test_console_SOURCES = console.c
-lxc_usernic_test_SOURCES = ../lxc/lxc_user_nic.c ../lxc/nl.c
-lxc_usernic_test_CFLAGS = -DISTEST
 lxc_test_snapshot_SOURCES = snapshot.c
 lxc_test_concurrent_SOURCES = concurrent.c
 lxc_test_may_control_SOURCES = may_control.c
@@ -42,7 +40,7 @@ endif
 bin_PROGRAMS = lxc-test-containertests lxc-test-locktests lxc-test-startone \
        lxc-test-destroytest lxc-test-saveconfig lxc-test-createtest \
        lxc-test-shutdowntest lxc-test-get_item lxc-test-getkeys 
lxc-test-lxcpath \
-       lxc-test-cgpath lxc-test-clonetest lxc-test-console lxc-usernic-test \
+       lxc-test-cgpath lxc-test-clonetest lxc-test-console \
        lxc-test-snapshot lxc-test-concurrent lxc-test-may-control \
        lxc-test-reboot lxc-test-list lxc-test-attach
 
diff --git a/src/tests/lxc-test-usernic b/src/tests/lxc-test-usernic
index 9e6d834..168bac0 100755
--- a/src/tests/lxc-test-usernic
+++ b/src/tests/lxc-test-usernic
@@ -21,47 +21,119 @@
 # License along with this library; if not, write to the Free Software
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 
-conffile="/tmp/lxc-usernet"
-dbfile="/tmp/nics"
-sysfsdir=/tmp/lxcnettest
+cleanup() {
+       sed -i '/usernic-user/d' /var/run/lxc/nics /etc/lxc/lxc-usernet
+       ifconfig usernic-br0 down
+       ifconfig usernic-br1 down
+       sudo brctl delbr usernic-br0
+       sudo brctl delbr usernic-br1
+       sudo deluser usernic-user
+       su -l usernic-user -c "lxc-stop -P /tmp/usernic-test/lxcbase -n b1"
+       rm -rf /tmp/usernic-test
+       exit $1
+}
 
-rm -f $conffile $dbfile
+# create a test user
+deluser usernic-user || true
+useradd usernic-user
+sudo mkdir -p /home/usernic-user
+sudo chown usernic-user /home/usernic-user
+usermod -v 910000-919999 -w 910000-919999 usernic-user
+mkdir -p /tmp/usernic-test/lxcbase
+chown usernic-user /tmp/usernic-test/lxcbase
+uid=$(id -u usernic-user)
+cat > /home/usernic-user/.bashrc << EOF
+export XDG_RUNTIME_DIR=/run/user/$uid
+EOF
+XDG_RUNTIME_DIR=/run/user/$uid
+export XDG_RUNTIME_DIR=/run/user/$uid
+mkdir -p /run/user/$uid
+chown usernic-user /run/user/$uid
+env
+echo XXX[
+su -l usernic-user -c "env"
+sleep 20
+
+#
+cat > /tmp/lxc-usernic.conf << EOF
+lxc.network.type = empty
+lxc.id_map = u 0 911000 10000
+lxc.id_map = g 0 911000 10000
+EOF
 
-rm -rf $sysfsdir
-mkdir -p $sysfsdir
+# Create two test bridges
 
-# there is no conffile, so we have no permissions
-lxc-usernic-test 1111 veth lxcbr0 > /dev/null 2>&1
+brctl addbr usernic-br0
+brctl addbr usernic-br1
+ifconfig usernic-br0 0.0.0.0 up
+ifconfig usernic-br1 0.0.0.0 up
+
+# Create three containers
+su -l usernic-user -c "lxc-create -P /tmp/usernic-test/lxcbase -t busybox -n 
b1 -f /tmp/lxc-usernic.conf"
+su -l usernic-user -c "lxc-start -P /tmp/usernic-test/lxcbase -n b1 -d"
+p1=`lxc-info -P /tmp/usernic-test/lxcbase -n b1 -p | awk -F: '{ print $2 }'`
+
+# Assign one veth, should fail as no allowed entries yet
+su -l usernic-user -c "lxc-user-nic $p1 veth usernic-br0 xx1"
 if [ $? -eq 0 ]; then
-       echo "Fail: empty conffile should not allow me a nic"
-       exit 1
+       echo "FAIL: able to create nic with no entries"
+       cleanup 1
 fi
 
-cat > $conffile << EOF
-$(id -un) veth lxcbr0 1
-EOF
+# Give him a quota of two
+echo "lxc-usernet veth usernic-br0 2" >> /etc/lxc/lxc-usernet
+
+# Assign one veth to second bridge, should fail
+su -l usernic-user -c "lxc-user-nic $p1 veth usernic-br1 xx1"
+if [ $? -eq 0 ]; then
+       echo "FAIL: able to create nic with no entries"
+       cleanup 1
+fi
 
-# Should be allowed one but not two
-lxc-usernic-test 1111 veth lxcbr0 > /dev/null 2>&1
+# Assign two veths, should succeed
+su -l usernic-user -c "lxc-user-nic $p1 veth usernic-br0 xx2"
+if [ $? -ne 0 ]; then
+       echo "FAIL: unable to create first nic"
+       cleanup 1
+fi
+su -l usernic-user -c "lxc-user-nic $p1 veth usernic-br0 xx3"
 if [ $? -ne 0 ]; then
-       echo "Failed to get one allowed nic"
-       exit 1
+       echo "FAIL: unable to create second nic"
+       cleanup 1
 fi
 
-lxc-usernic-test 1111 veth lxcbr0 > /dev/null 2>&1
+# Assign one more veth, should fail.
+su -l usernic-user -c "lxc-user-nic $p1 veth usernic-br0 xx4"
 if [ $? -eq 0 ]; then
-       echo "Fail: was able to get a second nic"
-       exit 1
+       echo "FAIL: able to create third nic"
+       cleanup 1
 fi
 
-# now remove the 'existing nic' and make sure we're allowed to create
-# a new one
-lxc-usernic-test 1111 veth lxcbr0 > /dev/null 2>&1
-rm -rf $sysfsdir
-mkdir -p $sysfsdir
+# Shut down and restart the container, should be able to assign more nics
+su -l usernic-user -c "lxc-stop -P /tmp/usernic-test/lxcbase -n b1"
+su -l usernic-user -c "lxc-start -P /tmp/usernic-test/lxcbase -n b1 -d"
+p1=`lxc-info -P /tmp/usernic-test/lxcbase -n b1 -p | awk -F: '{ print $2 }'`
+su -l usernic-user -c "lxc-user-nic $p1 veth usernic-br0 xx5"
 if [ $? -ne 0 ]; then
-       echo "Fail: was unable to get a replacement nic"
-       exit 1
+       echo "FAIL: unable to create nic after destroying the old"
+       cleanup 1
+fi
+
+su -l usernic-user -c "lxc-stop -P /tmp/usernic-test/lxcbase -n b1"
+
+# Create a root-owned ns
+lxc-create -t busybox -n usernic-c1
+lxc-start -n usernic-c1 -d
+p2=`lxc-info -n usernic-c1 -p | awk -F: '{ print $2}'`
+
+# assign veth to it - should fail
+su -l usernic-user -c "lxc-user-nic $p2 veth usernic-br0 xx6"
+ret=$?
+lxc-stop -n usernic-c1
+lxc-destroy -n usernic-c1
+if [ $ret -eq 0 ]; then
+       echo "FAIL: able to attach nic to root-owned container"
+       cleanup 1
 fi
 
 echo "All tests passed"
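Review bot: The quota line `echo "lxc-usernet veth usernic-br0 2" >> /etc/lxc/lxc-usernet` names a user `lxc-usernet` rather than `usernic-user`, so the grant never applies to the test user, and cleanup's `sed -i '/usernic-user/d'` will not remove it, leaving a stale entry in the host's real allow-list. It should read `echo "usernic-user veth usernic-br0 2" >> /etc/lxc/lxc-usernet`. cleanup() also runs `deluser usernic-user` before `su -l usernic-user -c "lxc-stop ..."`, so the stop can no longer run as that user, and within this hunk it is only called on failure paths. The script appears to run as root, so the fixed paths `/tmp/lxc-usernic.conf` and `/tmp/usernic-test` would be safer under a `mktemp -d` directory. The leftover `env`, `echo XXX[` and `sleep 20` debugging lines can go.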
-- 
1.8.3.2

