
After my previous patch to fix filesystem tests [1] was merged, I noticed the GitLab CI was still skipping them and wanted to figure out why. In short: libguestfs tools (virt-make-fs, guestmount) fail because they need an installed kernel and the host /dev/fuse device, loop mounts need the host /dev/loop* devices, and mounting filesystems (loop and guestmount) fails because Docker containers need extra permissions to mount devices normally disabled for host security.
[1] https://patchwork.ozlabs.org/project/uboot/patch/20210520190947.21773-1-alpe...
Patch #1 is meant to install a kernel into the container image that libguestfs can use, but the image will need to be regenerated manually.
Patch #2 makes virt-make-fs work, which should make these EFI tests run again. But guestmount doesn't work with this much because it needs more permissions to actually mount a filesystem.
Patch #3 makes mounting filesystems and loop devices work, which should make the filesystem tests run again. This is separate from patch #2 because the parts using guestmount can theoretically be rewritten to use guestfish, which would make the filesystem tests work without this patch, and giving mount permissions to the container processes seems to be insecure. So, this patch can be dropped if you think the impact isn't worth it.
Similar changes to patch #2, #3 should be applicable to the GitLab CI and probably necessary to get the same effect, but I don't think its configuration is accessible to me.
Changes in v3:
- Only set /boot/vmlinu* as readable.
v2: https://patchwork.ozlabs.org/project/uboot/list/?series=248583
Changes in v2:
- Always pass in /dev/fuse to Azure's docker run invocation.
- Drop patch to install kernel in CI scripts
v1: https://patchwork.ozlabs.org/project/uboot/list/?series=247294
Alper Nebi Yasak (3):
  tools: docker: Install a readable kernel for libguestfs-tools
  Azure: Add fuse device for test.py tests
  Azure: Add loop devices and CAP_SYS_ADMIN for sandbox test.py tests

 .azure-pipelines.yml    | 17 ++++++++++++++++-
 tools/docker/Dockerfile |  4 ++++
 2 files changed, 20 insertions(+), 1 deletion(-)
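
The prerequisites named in the cover letter above (a readable /boot/vmlinu* kernel, /dev/fuse, /dev/loop* and CAP_SYS_ADMIN) can be checked from inside a container before the tests run. The script below is an added example, not part of the original message or of U-Boot's CI; the function names and the root-prefix argument are hypothetical, chosen so the check can also run against a constructed test tree.

```shell
#!/bin/sh
# Added example (not from the patch series): report which of the container
# prerequisites listed in the cover letter are missing.

# Succeeds if the hex capability mask in $1 has CAP_SYS_ADMIN (bit 21) set.
has_cap_sys_admin() {
    [ $(( 0x$1 & 0x200000 )) -ne 0 ]
}

# Print the effective capability mask (CapEff) of a process started here.
cap_eff() {
    awk '/^CapEff:/ { print $2 }' /proc/self/status
}

# check_prereqs ROOT MASK
# ROOT is a path prefix ("" for the real filesystem), MASK a CapEff hex string.
# Prints the missing items, space separated; prints an empty line if none.
check_prereqs() {
    root=$1
    mask=$2
    missing=""

    # libguestfs needs a kernel image that the test user can read.
    found=no
    for k in "$root"/boot/vmlinu*; do
        if [ -r "$k" ]; then found=yes; fi
    done
    [ "$found" = yes ] || missing="$missing kernel"

    # virt-make-fs and guestmount need the FUSE device passed in from the host.
    [ -e "$root/dev/fuse" ] || missing="$missing fuse"

    # Loop mounts need at least one host loop device.
    found=no
    for l in "$root"/dev/loop[0-9]*; do
        if [ -e "$l" ]; then found=yes; fi
    done
    [ "$found" = yes ] || missing="$missing loop"

    # mount(2) inside the container needs CAP_SYS_ADMIN.
    has_cap_sys_admin "$mask" || missing="$missing cap_sys_admin"

    echo "${missing# }"
}

# Stand-alone use: sh preflight.sh --check
if [ "${1:-}" = "--check" ]; then
    echo "missing: $(check_prereqs "" "$(cap_eff)")"
fi
```

An empty result from the kernel and fuse checks alone corresponds to what patches #1 and #2 provide; loop and cap_sys_admin are the extra grants patch #3 asks for, so a job that lists only those two as missing is running with the narrower privilege set.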