bubblewrap
bubblewrap copied to clipboard
Published
20 hours ago •
containers
containers
some tests fail in an LXC environment where some but not all capabilities are available
+ /usr/bin/make -O -j48 V=1 VERBOSE=1 check -j1
/usr/bin/make test-bwrap
make[1]: Entering directory '/home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0'
rm -rf test-bwrap
cp bwrap test-bwrap
make[1]: Leaving directory '/home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0'
/usr/bin/make check-TESTS
make[1]: Entering directory '/home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0'
make[2]: Entering directory '/home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0'
PASS: tests/test-run.sh 1 - Help works
SKIP: tests/test-run.sh 2 # SKIP no FUSE support
PASS: tests/test-run.sh 3 - can mount /proc with
PASS: tests/test-run.sh 4 - can unshare network, create new /dev with
PASS: tests/test-run.sh 5 - cannot read /etc/shadow with
PASS: tests/test-run.sh 6 - cannot read /root/.bashrc with
PASS: tests/test-run.sh 7 - can bind a destination over a symlink
SKIP: tests/test-run.sh 8 # SKIP no FUSE support
PASS: tests/test-run.sh 9 - can mount /proc with --unshare-user-try
PASS: tests/test-run.sh 10 - can unshare network, create new /dev with --unshare-user-try
PASS: tests/test-run.sh 11 - cannot read /etc/shadow with --unshare-user-try
PASS: tests/test-run.sh 12 - cannot read /root/.bashrc with --unshare-user-try
PASS: tests/test-run.sh 13 - can bind a destination over a symlink
SKIP: tests/test-run.sh 14 # SKIP no FUSE support
PASS: tests/test-run.sh 15 - can mount /proc with --unshare-pid
PASS: tests/test-run.sh 16 - can unshare network, create new /dev with --unshare-pid
PASS: tests/test-run.sh 17 - cannot read /etc/shadow with --unshare-pid
PASS: tests/test-run.sh 18 - cannot read /root/.bashrc with --unshare-pid
PASS: tests/test-run.sh 19 - can bind a destination over a symlink
SKIP: tests/test-run.sh 20 # SKIP no FUSE support
PASS: tests/test-run.sh 21 - can mount /proc with --unshare-user-try --unshare-pid
PASS: tests/test-run.sh 22 - can unshare network, create new /dev with --unshare-user-try --unshare-pid
PASS: tests/test-run.sh 23 - cannot read /etc/shadow with --unshare-user-try --unshare-pid
PASS: tests/test-run.sh 24 - cannot read /root/.bashrc with --unshare-user-try --unshare-pid
PASS: tests/test-run.sh 25 - can bind a destination over a symlink
PASS: tests/test-run.sh 26 - all expected devices were created
PASS: tests/test-run.sh 27 - can run as pid 1
PASS: tests/test-run.sh 28 info and json-status fd
PASS: tests/test-run.sh 29 namespace id info in info and json-status fd
PASS: tests/test-run.sh 30 pre-exec failure doesn't include exit-code in json-status
PASS: tests/test-run.sh 31 exec failure doesn't include exit-code in json-status
PASS: tests/test-run.sh 32 - can mount /proc recursively
PASS: tests/test-run.sh 33 - can pivot to new rootfs recursively
PASS: tests/test-run.sh 34 error prefxing
PASS: tests/test-run.sh 35 - we have no caps as uid != 0
ERROR: tests/test-run.sh - too few tests run (expected 49, got 35)
ERROR: tests/test-run.sh - exited with status 127 (command not found?)
========================================
bubblewrap 0.4.0: ./test-suite.log
========================================
# TOTAL: 37
# PASS: 31
# SKIP: 4
# XFAIL: 0
# FAIL: 0
# XPASS: 0
# ERROR: 2
.. contents:: :depth: 2
ERROR: tests/test-run.sh
========================
+ PATH=/home/tkloczko/.local/bin:/home/tkloczko/bin:/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/usr/sbin:/sbin
+++ dirname ./tests/test-run.sh
++ cd ./tests
++ pwd
+ srcd=/home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0/tests
+ . /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0/tests/libtest-core.sh
++ locale -a
++ grep C.UTF-8
++ export LC_ALL=C
++ LC_ALL=C
++ export G_DEBUG=fatal-warnings
++ G_DEBUG=fatal-warnings
++ basename ./tests/test-run.sh
+ bn=test-run.sh
++ mktemp -d /var/tmp/tap-test.XXXXXX
+ tempdir=/var/tmp/tap-test.fkr6ZR
+ touch /var/tmp/tap-test.fkr6ZR/.testtmp
+ trap cleanup EXIT
+ cd /var/tmp/tap-test.fkr6ZR
+ : /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0/test-bwrap
++ type -p /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0/test-bwrap
+ test -u /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0/test-bwrap
+ FUSE_DIR=
++ cat /proc/self/mounts
++ grep ' fuse[. ]'
++ awk '{print $2}'
+++ id -u
++ grep user_id=1000
++ id -u
+ test 1000 = 0
+ is_uidzero=false
+ UNREADABLE=/root/.bashrc
+ false
++ dirname /root/.bashrc
+ test -x /root
+ '[' /lib -ef /usr/lib ']'
+ BWRAP_RO_HOST_ARGS='--ro-bind /usr /usr
--ro-bind /etc /etc
--dir /var/tmp
--symlink usr/lib /lib
--symlink usr/lib64 /lib64
--symlink usr/bin /bin
--symlink usr/sbin /sbin
--proc /proc
--dev /dev'
+ RUN='/home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0/test-bwrap --bind / / --tmpfs /tmp'
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0/test-bwrap --bind / / --tmpfs /tmp true
+ echo 1..49
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0/test-bwrap --help
+ assert_file_has_content help.txt 'usage: /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0/test-bwrap'
+ fpath=help.txt
+ shift
+ for re in "$@"
+ grep -q -e 'usage: /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0/test-bwrap' help.txt
+ echo 'ok - Help works'
+ for ALT in "" "--unshare-user-try" "--unshare-pid" "--unshare-user-try --unshare-pid"
+ '[' x '!=' x ']'
+ echo 'ok # SKIP no FUSE support'
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0/test-bwrap --bind / / --tmpfs /tmp --proc /proc true
1..49
ok - Help works
PASS: tests/test-run.sh 1 - Help works
+ echo 'ok - can mount /proc with '
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0/test-bwrap --bind / / --tmpfs /tmp --unshare-net --proc /proc --dev /dev true
ok # SKIP no FUSE support
SKIP: tests/test-run.sh 2 # SKIP no FUSE support
+ echo 'ok - can unshare network, create new /dev with '
+ echo -n 'expect EPERM: '
expect EPERM: ok - can mount /proc with
+ test -n ''
+ CAP=
+ false
PASS: tests/test-run.sh 3 - can mount /proc with
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0/test-bwrap --bind / / --tmpfs /tmp --unshare-net --proc /proc --bind /etc/shadow /tmp/foo cat /etc/shadow
cat: /etc/shadow: Permission denied
+ echo 'ok - cannot read /etc/shadow with '
+ '[' x/root/.bashrc '!=' x ']'
ok - can unshare network, create new /dev with
+ echo -n 'expect EPERM: '
expect EPERM: PASS: tests/test-run.sh 4 - can unshare network, create new /dev with
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0/test-bwrap --bind / / --tmpfs /tmp --unshare-net --proc /proc --dev /dev --bind /root/.bashrc /tmp/foo cat /tmp/foo
bwrap: Can't find source path /root/.bashrc: Permission denied
+ echo 'ok - cannot read /root/.bashrc with '
ok - cannot read /etc/shadow with
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0/test-bwrap --bind / / --tmpfs /tmp --dir /tmp/dir --symlink dir /tmp/link --bind /etc /tmp/link true
PASS: tests/test-run.sh 5 - cannot read /etc/shadow with
+ echo 'ok - can bind a destination over a symlink'
+ for ALT in "" "--unshare-user-try" "--unshare-pid" "--unshare-user-try --unshare-pid"
+ '[' x '!=' x ']'
+ echo 'ok # SKIP no FUSE support'
ok - cannot read /root/.bashrc with
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0/test-bwrap --bind / / --tmpfs /tmp --unshare-user-try --proc /proc true
PASS: tests/test-run.sh 6 - cannot read /root/.bashrc with
ok - can bind a destination over a symlink
PASS: tests/test-run.sh 7 - can bind a destination over a symlink
+ echo 'ok - can mount /proc with --unshare-user-try'
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0/test-bwrap --bind / / --tmpfs /tmp --unshare-user-try --unshare-net --proc /proc --dev /dev true
ok # SKIP no FUSE support
SKIP: tests/test-run.sh 8 # SKIP no FUSE support
+ echo 'ok - can unshare network, create new /dev with --unshare-user-try'
+ echo -n 'expect EPERM: '
expect EPERM: ok - can mount /proc with --unshare-user-try
+ test -n ''
+ CAP=
+ false
PASS: tests/test-run.sh 9 - can mount /proc with --unshare-user-try
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0/test-bwrap --bind / / --tmpfs /tmp --unshare-user-try --unshare-net --proc /proc --bind /etc/shadow /tmp/foo cat /etc/shadow
cat: /etc/shadow: Permission denied
+ echo 'ok - cannot read /etc/shadow with --unshare-user-try'
+ '[' x/root/.bashrc '!=' x ']'
ok - can unshare network, create new /dev with --unshare-user-try
+ echo -n 'expect EPERM: '
expect EPERM: PASS: tests/test-run.sh 10 - can unshare network, create new /dev with --unshare-user-try
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0/test-bwrap --bind / / --tmpfs /tmp --unshare-user-try --unshare-net --proc /proc --dev /dev --bind /root/.bashrc /tmp/foo cat /tmp/foo
bwrap: Can't find source path /root/.bashrc: Permission denied
+ echo 'ok - cannot read /root/.bashrc with --unshare-user-try'
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0/test-bwrap --bind / / --tmpfs /tmp --unshare-user-try --dir /tmp/dir --symlink dir /tmp/link --bind /etc /tmp/link true
ok - cannot read /etc/shadow with --unshare-user-try
PASS: tests/test-run.sh 11 - cannot read /etc/shadow with --unshare-user-try
+ echo 'ok - can bind a destination over a symlink'
+ for ALT in "" "--unshare-user-try" "--unshare-pid" "--unshare-user-try --unshare-pid"
+ '[' x '!=' x ']'
+ echo 'ok # SKIP no FUSE support'
ok - cannot read /root/.bashrc with --unshare-user-try
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0/test-bwrap --bind / / --tmpfs /tmp --unshare-pid --proc /proc true
PASS: tests/test-run.sh 12 - cannot read /root/.bashrc with --unshare-user-try
ok - can bind a destination over a symlink
PASS: tests/test-run.sh 13 - can bind a destination over a symlink
+ echo 'ok - can mount /proc with --unshare-pid'
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0/test-bwrap --bind / / --tmpfs /tmp --unshare-pid --unshare-net --proc /proc --dev /dev true
ok # SKIP no FUSE support
SKIP: tests/test-run.sh 14 # SKIP no FUSE support
+ echo 'ok - can unshare network, create new /dev with --unshare-pid'
+ echo -n 'expect EPERM: '
expect EPERM: + test -n ''
ok - can mount /proc with --unshare-pid
+ CAP=
+ false
PASS: tests/test-run.sh 15 - can mount /proc with --unshare-pid
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0/test-bwrap --bind / / --tmpfs /tmp --unshare-pid --unshare-net --proc /proc --bind /etc/shadow /tmp/foo cat /etc/shadow
cat: /etc/shadow: Permission denied
+ echo 'ok - cannot read /etc/shadow with --unshare-pid'
+ '[' x/root/.bashrc '!=' x ']'
+ echo -n 'expect EPERM: '
expect EPERM: ok - can unshare network, create new /dev with --unshare-pid
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0/test-bwrap --bind / / --tmpfs /tmp --unshare-pid --unshare-net --proc /proc --dev /dev --bind /root/.bashrc /tmp/foo cat /tmp/foo
PASS: tests/test-run.sh 16 - can unshare network, create new /dev with --unshare-pid
bwrap: Can't find source path /root/.bashrc: Permission denied
+ echo 'ok - cannot read /root/.bashrc with --unshare-pid'
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0/test-bwrap --bind / / --tmpfs /tmp --unshare-pid --dir /tmp/dir --symlink dir /tmp/link --bind /etc /tmp/link true
ok - cannot read /etc/shadow with --unshare-pid
PASS: tests/test-run.sh 17 - cannot read /etc/shadow with --unshare-pid
+ echo 'ok - can bind a destination over a symlink'
+ for ALT in "" "--unshare-user-try" "--unshare-pid" "--unshare-user-try --unshare-pid"
+ '[' x '!=' x ']'
+ echo 'ok # SKIP no FUSE support'
ok - cannot read /root/.bashrc with --unshare-pid
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0/test-bwrap --bind / / --tmpfs /tmp --unshare-user-try --unshare-pid --proc /proc true
PASS: tests/test-run.sh 18 - cannot read /root/.bashrc with --unshare-pid
ok - can bind a destination over a symlink
PASS: tests/test-run.sh 19 - can bind a destination over a symlink
+ echo 'ok - can mount /proc with --unshare-user-try --unshare-pid'
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0/test-bwrap --bind / / --tmpfs /tmp --unshare-user-try --unshare-pid --unshare-net --proc /proc --dev /dev true
ok # SKIP no FUSE support
SKIP: tests/test-run.sh 20 # SKIP no FUSE support
+ echo 'ok - can unshare network, create new /dev with --unshare-user-try --unshare-pid'
+ echo -n 'expect EPERM: '
expect EPERM: + test -n ''
ok - can mount /proc with --unshare-user-try --unshare-pid
+ CAP=
+ false
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0/test-bwrap --bind / / --tmpfs /tmp --unshare-user-try --unshare-pid --unshare-net --proc /proc --bind /etc/shadow /tmp/foo cat /etc/shadow
PASS: tests/test-run.sh 21 - can mount /proc with --unshare-user-try --unshare-pid
cat: /etc/shadow: Permission denied
+ echo 'ok - cannot read /etc/shadow with --unshare-user-try --unshare-pid'
+ '[' x/root/.bashrc '!=' x ']'
ok - can unshare network, create new /dev with --unshare-user-try --unshare-pid
+ echo -n 'expect EPERM: '
expect EPERM: PASS: tests/test-run.sh 22 - can unshare network, create new /dev with --unshare-user-try --unshare-pid
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0/test-bwrap --bind / / --tmpfs /tmp --unshare-user-try --unshare-pid --unshare-net --proc /proc --dev /dev --bind /root/.bashrc /tmp/foo cat /tmp/foo
bwrap: Can't find source path /root/.bashrc: Permission denied
+ echo 'ok - cannot read /root/.bashrc with --unshare-user-try --unshare-pid'
ok - cannot read /etc/shadow with --unshare-user-try --unshare-pid
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0/test-bwrap --bind / / --tmpfs /tmp --unshare-user-try --unshare-pid --dir /tmp/dir --symlink dir /tmp/link --bind /etc /tmp/link true
PASS: tests/test-run.sh 23 - cannot read /etc/shadow with --unshare-user-try --unshare-pid
+ echo 'ok - can bind a destination over a symlink'
ok - cannot read /root/.bashrc with --unshare-user-try --unshare-pid
PASS: tests/test-run.sh 24 - cannot read /root/.bashrc with --unshare-user-try --unshare-pid
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0/test-bwrap --bind / / --tmpfs /tmp --unshare-pid --dev /dev ls -al /dev/stdin /dev/stdout /dev/stderr /dev/null /dev/random /dev/urandom /dev/fd /dev/core
+ echo 'ok - all expected devices were created'
ok - can bind a destination over a symlink
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0/test-bwrap --bind / / --tmpfs /tmp --unshare-pid --as-pid-1 --bind / / bash -c 'echo $$'
PASS: tests/test-run.sh 25 - can bind a destination over a symlink
/usr/share/lmod/lmod/init/bash: line 124: /dev/null: Permission denied
+ assert_file_has_content as_pid_1.txt 1
+ fpath=as_pid_1.txt
+ shift
+ for re in "$@"
+ grep -q -e 1 as_pid_1.txt
+ echo 'ok - can run as pid 1'
ok - all expected devices were created
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0/test-bwrap --bind / / --tmpfs /tmp --unshare-all --info-fd 42 --json-status-fd 43 -- bash -c 'exit 42'
PASS: tests/test-run.sh 26 - all expected devices were created
+ assert_file_has_content info.json '"child-pid": [0-9]'
+ fpath=info.json
+ shift
+ for re in "$@"
+ grep -q -e '"child-pid": [0-9]' info.json
+ assert_file_has_content json-status.json '"child-pid": [0-9]'
+ fpath=json-status.json
+ shift
+ for re in "$@"
+ grep -q -e '"child-pid": [0-9]' json-status.json
+ assert_file_has_content_literal json-status.json '"exit-code": 42'
+ grep -q -F -e '"exit-code": 42' json-status.json
+ echo 'ok info and json-status fd'
ok - can run as pid 1
PASS: tests/test-run.sh 27 - can run as pid 1
++ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0/test-bwrap --bind / / --tmpfs /tmp --proc /proc --unshare-all --info-fd 42 --json-status-fd 43 -- bash -c 'stat -L --format "%n %i" /proc/self/ns/*'
+ DATA='/proc/self/ns/cgroup 4026535433
/proc/self/ns/ipc 4026535429
/proc/self/ns/mnt 4026535427
/proc/self/ns/net 4026536379
/proc/self/ns/pid 4026535430
/proc/self/ns/pid_for_children 4026535430
/proc/self/ns/user 4026535422
/proc/self/ns/uts 4026535428'
+ for NS in "ipc" "mnt" "net" "pid" "uts"
++ echo '/proc/self/ns/cgroup 4026535433
/proc/self/ns/ipc 4026535429
/proc/self/ns/mnt 4026535427
/proc/self/ns/net 4026536379
/proc/self/ns/pid 4026535430
/proc/self/ns/pid_for_children 4026535430
/proc/self/ns/user 4026535422
/proc/self/ns/uts 4026535428'
++ grep /proc/self/ns/ipc
++ awk '{print $2}'
+ want=4026535429
+ assert_file_has_content info.json 4026535429
+ fpath=info.json
+ shift
+ for re in "$@"
+ grep -q -e 4026535429 info.json
+ assert_file_has_content json-status.json 4026535429
+ fpath=json-status.json
+ shift
+ for re in "$@"
+ grep -q -e 4026535429 json-status.json
+ for NS in "ipc" "mnt" "net" "pid" "uts"
++ echo '/proc/self/ns/cgroup 4026535433
/proc/self/ns/ipc 4026535429
/proc/self/ns/mnt 4026535427
/proc/self/ns/net 4026536379
/proc/self/ns/pid 4026535430
/proc/self/ns/pid_for_children 4026535430
/proc/self/ns/user 4026535422
/proc/self/ns/uts 4026535428'
++ grep /proc/self/ns/mnt
++ awk '{print $2}'
+ want=4026535427
+ assert_file_has_content info.json 4026535427
+ fpath=info.json
+ shift
+ for re in "$@"
+ grep -q -e 4026535427 info.json
+ assert_file_has_content json-status.json 4026535427
+ fpath=json-status.json
+ shift
+ for re in "$@"
+ grep -q -e 4026535427 json-status.json
+ for NS in "ipc" "mnt" "net" "pid" "uts"
++ echo '/proc/self/ns/cgroup 4026535433
/proc/self/ns/ipc 4026535429
/proc/self/ns/mnt 4026535427
/proc/self/ns/net 4026536379
/proc/self/ns/pid 4026535430
/proc/self/ns/pid_for_children 4026535430
/proc/self/ns/user 4026535422
/proc/self/ns/uts 4026535428'
++ grep /proc/self/ns/net
++ awk '{print $2}'
+ want=4026536379
+ assert_file_has_content info.json 4026536379
+ fpath=info.json
+ shift
+ for re in "$@"
+ grep -q -e 4026536379 info.json
+ assert_file_has_content json-status.json 4026536379
+ fpath=json-status.json
+ shift
+ for re in "$@"
+ grep -q -e 4026536379 json-status.json
+ for NS in "ipc" "mnt" "net" "pid" "uts"
++ echo '/proc/self/ns/cgroup 4026535433
/proc/self/ns/ipc 4026535429
/proc/self/ns/mnt 4026535427
/proc/self/ns/net 4026536379
/proc/self/ns/pid 4026535430
/proc/self/ns/pid_for_children 4026535430
/proc/self/ns/user 4026535422
/proc/self/ns/uts 4026535428'
++ grep /proc/self/ns/pid
++ awk '{print $2}'
+ want='4026535430
4026535430'
+ assert_file_has_content info.json '4026535430
4026535430'
+ fpath=info.json
+ shift
+ for re in "$@"
+ grep -q -e '4026535430
4026535430' info.json
+ assert_file_has_content json-status.json '4026535430
4026535430'
+ fpath=json-status.json
+ shift
+ for re in "$@"
+ grep -q -e '4026535430
4026535430' json-status.json
+ for NS in "ipc" "mnt" "net" "pid" "uts"
++ echo '/proc/self/ns/cgroup 4026535433
/proc/self/ns/ipc 4026535429
/proc/self/ns/mnt 4026535427
/proc/self/ns/net 4026536379
/proc/self/ns/pid 4026535430
/proc/self/ns/pid_for_children 4026535430
/proc/self/ns/user 4026535422
/proc/self/ns/uts 4026535428'
++ grep /proc/self/ns/uts
++ awk '{print $2}'
+ want=4026535428
+ assert_file_has_content info.json 4026535428
+ fpath=info.json
+ shift
+ for re in "$@"
+ grep -q -e 4026535428 info.json
+ assert_file_has_content json-status.json 4026535428
+ fpath=json-status.json
+ shift
+ for re in "$@"
+ grep -q -e 4026535428 json-status.json
+ echo 'ok namespace id info in info and json-status fd'
ok info and json-status fd
+ which strace
PASS: tests/test-run.sh 28 info and json-status fd
ok namespace id info in info and json-status fd
PASS: tests/test-run.sh 29 namespace id info in info and json-status fd
+ strace -h
+ grep -v -e default
+ grep -e fault
/usr/bin/strace
options: trace, abbrev, verbose, raw, signal, read, write, fault,
+ strace -o /dev/null -f -e trace=prctl -e fault=prctl:when=39 /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0/test-bwrap --bind / / --tmpfs /tmp --die-with-parent --json-status-fd 42 true
bwrap: can't set dumpable: Function not implemented
+ assert_not_file_has_content json-status.json '"exit-code": [0-9]'
+ fpath=json-status.json
+ shift
+ for re in "$@"
+ grep -q -e '"exit-code": [0-9]' json-status.json
+ echo 'ok pre-exec failure doesn'\''t include exit-code in json-status'
+ notanexecutable=/
-e fault=SET[:error=ERRNO][:when=WHEN], --fault=SET[:error=ERRNO][:when=WHEN]
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0/test-bwrap --bind / / --tmpfs /tmp --json-status-fd 42 /
bwrap: execvp /: Permission denied
+ true
+ assert_not_file_has_content json-status.json '"exit-code": [0-9]'
+ fpath=json-status.json
+ shift
+ for re in "$@"
+ grep -q -e '"exit-code": [0-9]' json-status.json
+ echo 'ok exec failure doesn'\''t include exit-code in json-status'
ok pre-exec failure doesn't include exit-code in json-status
PASS: tests/test-run.sh 30 pre-exec failure doesn't include exit-code in json-status
+ test -n ''
+ BWRAP_RECURSE='/home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0/test-bwrap --unshare-all --uid 0 --gid 0 --cap-add ALL --bind / / --bind /proc /proc'
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0/test-bwrap --unshare-all --uid 0 --gid 0 --cap-add ALL --bind / / --bind /proc /proc -- /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0/test-bwrap --unshare-all --bind / / --bind /proc /proc echo hello
+ assert_file_has_content recursive_proc.txt hello
+ fpath=recursive_proc.txt
+ shift
+ for re in "$@"
+ grep -q -e hello recursive_proc.txt
+ echo 'ok - can mount /proc recursively'
ok exec failure doesn't include exit-code in json-status
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0/test-bwrap --unshare-all --uid 0 --gid 0 --cap-add ALL --bind / / --bind /proc /proc -- /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0/test-bwrap --unshare-all --ro-bind /usr /usr --ro-bind /etc /etc --dir /var/tmp --symlink usr/lib /lib --symlink usr/lib64 /lib64 --symlink usr/bin /bin --symlink usr/sbin /sbin --proc /proc --dev /dev findmnt
PASS: tests/test-run.sh 31 exec failure doesn't include exit-code in json-status
+ assert_file_has_content recursive-newroot.txt /usr
+ fpath=recursive-newroot.txt
+ shift
+ for re in "$@"
+ grep -q -e /usr recursive-newroot.txt
+ echo 'ok - can pivot to new rootfs recursively'
ok - can mount /proc recursively
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0/test-bwrap --bind / / --tmpfs /tmp --unshare-pid --bind /source-enoent /dest true
PASS: tests/test-run.sh 32 - can mount /proc recursively
+ assert_file_has_content err.txt '^bwrap: Can'\''t find source path.*source-enoent'
+ fpath=err.txt
+ shift
+ for re in "$@"
+ grep -q -e '^bwrap: Can'\''t find source path.*source-enoent' err.txt
+ echo 'ok error prefxing'
ok - can pivot to new rootfs recursively
PASS: tests/test-run.sh 33 - can pivot to new rootfs recursively
+ false
+ for OPT in "" "--unshare-user-try --as-pid-1" "--unshare-user-try" "--as-pid-1"
+ e=0
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0/test-bwrap --bind / / --tmpfs /tmp --unshare-pid getpcaps 1
ok error prefxing
PASS: tests/test-run.sh 34 error prefxing
+ sed -e 's/^/# /'
+ test 0 = 0
+ assert_not_file_has_content caps.test ': =.*cap'
+ fpath=caps.test
+ shift
+ for re in "$@"
+ grep -q -e ': =.*cap' caps.test
+ for OPT in "" "--unshare-user-try --as-pid-1" "--unshare-user-try" "--as-pid-1"
+ e=0
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0/test-bwrap --bind / / --tmpfs /tmp --unshare-user-try --as-pid-1 --unshare-pid getpcaps 1
1: =
+ sed -e 's/^/# /'
+ test 0 = 0
+ assert_not_file_has_content caps.test ': =.*cap'
+ fpath=caps.test
+ shift
+ for re in "$@"
+ grep -q -e ': =.*cap' caps.test
+ for OPT in "" "--unshare-user-try --as-pid-1" "--unshare-user-try" "--as-pid-1"
+ e=0
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0/test-bwrap --bind / / --tmpfs /tmp --unshare-user-try --unshare-pid getpcaps 1
1: =
+ sed -e 's/^/# /'
+ test 0 = 0
+ assert_not_file_has_content caps.test ': =.*cap'
+ fpath=caps.test
+ shift
+ for re in "$@"
+ grep -q -e ': =.*cap' caps.test
+ for OPT in "" "--unshare-user-try --as-pid-1" "--unshare-user-try" "--as-pid-1"
+ e=0
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0/test-bwrap --bind / / --tmpfs /tmp --as-pid-1 --unshare-pid getpcaps 1
1: =
+ sed -e 's/^/# /'
+ test 0 = 0
+ assert_not_file_has_content caps.test ': =.*cap'
+ fpath=caps.test
+ shift
+ for re in "$@"
+ grep -q -e ': =.*cap' caps.test
+ echo 'ok - we have no caps as uid != 0'
+ cat
1: =
+ chmod a+x lockf-n.py
+ touch lock
+ for die_with_parent_argv in "--die-with-parent" "--die-with-parent --unshare-pid"
+ childshellpid=942166
++ seq 10
++ pwd
+ /bin/bash -c 'while true; do /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.4.0/test-bwrap --bind / / --tmpfs /tmp --die-with-parent --lock-file /var/tmp/tap-test.fkr6ZR/lock sleep 1h; done'
+ for x in $(seq 10)
+ ./lockf-n.py ./lock nowait
/usr/bin/env: 'python': No such file or directory
+ break
+ ./lockf-n.py ./lock nowait
/usr/bin/env: 'python': No such file or directory
+ kill -9 942166
+ ./lockf-n.py ./lock wait
/usr/bin/env: 'python': No such file or directory
./tests/test-run.sh: line 247: 942166 Killed /bin/bash -c "while true; do $RUN ${die_with_parent_argv} --lock-file $(pwd)/lock sleep 1h; done"
+ cleanup
+ test -n ''
+ test -f /var/tmp/tap-test.fkr6ZR/.test
ok - we have no caps as uid != 0
PASS: tests/test-run.sh 35 - we have no caps as uid != 0
ERROR: tests/test-run.sh - too few tests run (expected 49, got 35)
ERROR: tests/test-run.sh - exited with status 127 (command not found?)
============================================================================
Testsuite summary for bubblewrap 0.4.0
============================================================================
# TOTAL: 37
# PASS: 31
# SKIP: 4
# XFAIL: 0
# FAIL: 0
# XPASS: 0
# ERROR: 2
============================================================================
See ./test-suite.log
Please report to [email protected]
============================================================================
Jus ttested new 0.6.3 and looks like issue still is around ..
+ cd bubblewrap-0.6.2
+ /usr/bin/make -O -j48 V=1 VERBOSE=1 check -j1
/usr/bin/make tests/test-utils test-bwrap tests/try-syscall
make[1]: Entering directory '/home/tkloczko/rpmbuild/BUILD/bubblewrap-0.6.2'
/usr/bin/gcc -DHAVE_CONFIG_H -I. -pipe -Wall -Werror=shadow -Werror=empty-body -Werror=strict-prototypes -Werror=missing-prototypes -Werror=implicit-function-declaration -Werror=format=2 -Werror=format-security -Werror=format-nonliteral -Werror=pointer-arith -Werror=init-self -Werror=missing-declarations -Werror=return-type -Werror=overflow -Werror=int-conversion -Werror=incompatible-pointer-types -Werror=misleading-indentation -Werror=missing-include-dirs -Werror=aggregate-return -Werror=switch-default -Wswitch-enum -O2 -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -fdata-sections -ffunction-sections -flto=auto -flto-partition=none -c -o test-utils.o `test -f 'tests/test-utils.c' || echo './'`tests/test-utils.c
/usr/bin/gcc -DHAVE_CONFIG_H -I. -pipe -Wall -Werror=shadow -Werror=empty-body -Werror=strict-prototypes -Werror=missing-prototypes -Werror=implicit-function-declaration -Werror=format=2 -Werror=format-security -Werror=format-nonliteral -Werror=pointer-arith -Werror=init-self -Werror=missing-declarations -Werror=return-type -Werror=overflow -Werror=int-conversion -Werror=incompatible-pointer-types -Werror=misleading-indentation -Werror=missing-include-dirs -Werror=aggregate-return -Werror=switch-default -Wswitch-enum -O2 -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -fdata-sections -ffunction-sections -flto=auto -flto-partition=none -c -o utils.o utils.c
/usr/bin/gcc -pipe -Wall -Werror=shadow -Werror=empty-body -Werror=strict-prototypes -Werror=missing-prototypes -Werror=implicit-function-declaration -Werror=format=2 -Werror=format-security -Werror=format-nonliteral -Werror=pointer-arith -Werror=init-self -Werror=missing-declarations -Werror=return-type -Werror=overflow -Werror=int-conversion -Werror=incompatible-pointer-types -Werror=misleading-indentation -Werror=missing-include-dirs -Werror=aggregate-return -Werror=switch-default -Wswitch-enum -O2 -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -fdata-sections -ffunction-sections -flto=auto -flto-partition=none -Wl,-z,relro -Wl,--as-needed -Wl,--gc-sections -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -flto=auto -flto-partition=none -fuse-linker-plugin -Wl,--build-id=sha1 -o tests/test-utils test-utils.o utils.o -lselinux -lcap
rm -rf test-bwrap
cp bwrap test-bwrap
chmod 0755 test-bwrap
/usr/bin/gcc -DHAVE_CONFIG_H -I. -pipe -Wall -Werror=shadow -Werror=empty-body -Werror=strict-prototypes -Werror=missing-prototypes -Werror=implicit-function-declaration -Werror=format=2 -Werror=format-security -Werror=format-nonliteral -Werror=pointer-arith -Werror=init-self -Werror=missing-declarations -Werror=return-type -Werror=overflow -Werror=int-conversion -Werror=incompatible-pointer-types -Werror=misleading-indentation -Werror=missing-include-dirs -Werror=aggregate-return -Werror=switch-default -Wswitch-enum -O2 -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -fdata-sections -ffunction-sections -flto=auto -flto-partition=none -c -o try-syscall.o `test -f 'tests/try-syscall.c' || echo './'`tests/try-syscall.c
/usr/bin/gcc -pipe -Wall -Werror=shadow -Werror=empty-body -Werror=strict-prototypes -Werror=missing-prototypes -Werror=implicit-function-declaration -Werror=format=2 -Werror=format-security -Werror=format-nonliteral -Werror=pointer-arith -Werror=init-self -Werror=missing-declarations -Werror=return-type -Werror=overflow -Werror=int-conversion -Werror=incompatible-pointer-types -Werror=misleading-indentation -Werror=missing-include-dirs -Werror=aggregate-return -Werror=switch-default -Wswitch-enum -O2 -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -fdata-sections -ffunction-sections -flto=auto -flto-partition=none -Wl,-z,relro -Wl,--as-needed -Wl,--gc-sections -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -flto=auto -flto-partition=none -fuse-linker-plugin -Wl,--build-id=sha1 -o tests/try-syscall try-syscall.o -lcap
make[1]: Leaving directory '/home/tkloczko/rpmbuild/BUILD/bubblewrap-0.6.2'
/usr/bin/make check-TESTS
make[1]: Entering directory '/home/tkloczko/rpmbuild/BUILD/bubblewrap-0.6.2'
make[2]: Entering directory '/home/tkloczko/rpmbuild/BUILD/bubblewrap-0.6.2'
PASS: tests/test-utils 1 - N_ELEMENTS (three) (3) == 3 (3)
PASS: tests/test-utils 2 - ab ("aaabbb") == "aaabbb" ("aaabbb")
PASS: tests/test-utils 3 - abc ("aaabbbccc") == "aaabbbccc" ("aaabbbccc")
PASS: tests/test-utils 4 - has_prefix ("foo", "foo")
PASS: tests/test-utils 5 - has_prefix ("foobar", "foo")
PASS: tests/test-utils 6 - !(has_prefix ("foobar", "fool"))
PASS: tests/test-utils 7 - !(has_prefix ("foo", "fool"))
PASS: tests/test-utils 8 - has_prefix ("foo", "")
PASS: tests/test-utils 9 - has_prefix ("", "")
PASS: tests/test-utils 10 - !(has_prefix ("", "no"))
PASS: tests/test-utils 11 - !(has_prefix ("yes", "no"))
PASS: tests/test-utils 12 - has_path_prefix (str, prefix)
PASS: tests/test-utils 13 - has_path_prefix (str, prefix)
PASS: tests/test-utils 14 - has_path_prefix (str, prefix)
PASS: tests/test-utils 15 - has_path_prefix (str, prefix)
PASS: tests/test-utils 16 - has_path_prefix (str, prefix)
PASS: tests/test-utils 17 - !(has_path_prefix (str, prefix))
PASS: tests/test-utils 18 - has_path_prefix (str, prefix)
PASS: tests/test-utils 19 - has_path_prefix (str, prefix)
PASS: tests/test-run.sh 1 - Help works
SKIP: tests/test-run.sh 2 # SKIP no FUSE support
PASS: tests/test-run.sh 3 - can mount /proc with
PASS: tests/test-run.sh 4 - can unshare network, create new /dev with
PASS: tests/test-run.sh 5 - cannot read /etc/shadow with
PASS: tests/test-run.sh 6 - cannot read /root/.bashrc with
PASS: tests/test-run.sh 7 - can bind a destination over a symlink
SKIP: tests/test-run.sh 8 # SKIP no FUSE support
PASS: tests/test-run.sh 9 - can mount /proc with --unshare-user-try
PASS: tests/test-run.sh 10 - can unshare network, create new /dev with --unshare-user-try
PASS: tests/test-run.sh 11 - cannot read /etc/shadow with --unshare-user-try
PASS: tests/test-run.sh 12 - cannot read /root/.bashrc with --unshare-user-try
PASS: tests/test-run.sh 13 - can bind a destination over a symlink
SKIP: tests/test-run.sh 14 # SKIP no FUSE support
ERROR: tests/test-run.sh - too few tests run (expected 54, got 14)
ERROR: tests/test-run.sh - exited with status 1
SKIP: tests/test-seccomp.py - cannot import seccomp Python module
PASS: tests/test-specifying-userns.sh 1 - Test --userns
PASS: tests/test-specifying-pidns.sh 1 - Test --pidns
========================================
bubblewrap 0.6.2: ./test-suite.log
========================================
# TOTAL: 38
# PASS: 32
# SKIP: 4
# XFAIL: 0
# FAIL: 0
# XPASS: 0
# ERROR: 2
.. contents:: :depth: 2
ERROR: tests/test-run.sh
========================
+++ dirname ./tests/test-run.sh
++ cd ./tests
++ pwd
+ srcd=/home/tkloczko/rpmbuild/BUILD/bubblewrap-0.6.2/tests
+ . /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.6.2/tests/libtest.sh
++ set -e
++ '[' -n /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.6.2 ']'
++ test_srcdir=/home/tkloczko/rpmbuild/BUILD/bubblewrap-0.6.2/tests
++ '[' -n /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.6.2 ']'
++ test_builddir=/home/tkloczko/rpmbuild/BUILD/bubblewrap-0.6.2/tests
++ . /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.6.2/tests/libtest-core.sh
+++ type -p locale
++++ locale -a
++++ grep -iEe '^(C|en_US)\.(UTF-8|utf8)$'
++++ head -n1
+++ export LC_ALL=C.utf8
+++ LC_ALL=C.utf8
+++ '[' -z C.utf8 ']'
+++ unset LANGUAGE
+++ export G_DEBUG=fatal-warnings
+++ G_DEBUG=fatal-warnings
+++ trap report_err ERR
++ PATH=/usr/bin:/usr/sbin:/usr/local/sbin:/usr/sbin:/sbin
+++ mktemp -d /var/tmp/tap-test.XXXXXX
++ tempdir=/var/tmp/tap-test.TPYsEP
++ touch /var/tmp/tap-test.TPYsEP/.testtmp
++ trap cleanup EXIT
++ cd /var/tmp/tap-test.TPYsEP
++ : /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.6.2/test-bwrap
+++ type -p /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.6.2/test-bwrap
++ test -u /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.6.2/test-bwrap
++ FUSE_DIR=
+++ grep ' fuse[. ]' /proc/self/mounts
+++ awk '{print $2}'
++++ id -u
+++ grep user_id=1000
+++ id -u
++ test 1000 = 0
++ is_uidzero=false
++ UNREADABLE=/root/.bashrc
++ false
+++ dirname /root/.bashrc
++ test -x /root
++ '[' /lib -ef /usr/lib ']'
++ BWRAP_RO_HOST_ARGS='--ro-bind /usr /usr
--ro-bind /etc /etc
--dir /var/tmp
--symlink usr/lib /lib
--symlink usr/lib64 /lib64
--symlink usr/bin /bin
--symlink usr/sbin /sbin
--proc /proc
--dev /dev'
++ RUN='/home/tkloczko/rpmbuild/BUILD/bubblewrap-0.6.2/test-bwrap --bind / / --tmpfs /tmp'
++ '[' -z '' ']'
++ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.6.2/test-bwrap --bind / / --tmpfs /tmp true
++ basename ./tests/test-run.sh
+ bn=test-run.sh
+ echo 1..54
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.6.2/test-bwrap --help
+ assert_file_has_content help.txt 'usage: /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.6.2/test-bwrap'
+ fpath=help.txt
+ shift
+ for re in "$@"
+ grep -q -e 'usage: /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.6.2/test-bwrap' help.txt
+ echo 'ok - Help works'
+ for ALT in "" "--unshare-user-try" "--unshare-pid" "--unshare-user-try --unshare-pid"
+ '[' x '!=' x ']'
+ echo 'ok # SKIP no FUSE support'
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.6.2/test-bwrap --bind / / --tmpfs /tmp --proc /proc true
1..54
ok - Help works
PASS: tests/test-run.sh 1 - Help works
+ echo 'ok - can mount /proc with '
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.6.2/test-bwrap --bind / / --tmpfs /tmp --unshare-net --proc /proc --dev /dev true
ok # SKIP no FUSE support
SKIP: tests/test-run.sh 2 # SKIP no FUSE support
+ echo 'ok - can unshare network, create new /dev with '
+ echo -n 'expect EPERM: '
expect EPERM: + test -n ''
+ CAP=
+ false
ok - can mount /proc with
PASS: tests/test-run.sh 3 - can mount /proc with
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.6.2/test-bwrap --bind / / --tmpfs /tmp --unshare-net --proc /proc --bind /etc/shadow /tmp/foo cat /etc/shadow
cat: /etc/shadow: Permission denied
+ echo 'ok - cannot read /etc/shadow with '
+ '[' x/root/.bashrc '!=' x ']'
+ echo -n 'expect EPERM: '
expect EPERM: ok - can unshare network, create new /dev with
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.6.2/test-bwrap --bind / / --tmpfs /tmp --unshare-net --proc /proc --dev /dev --bind /root/.bashrc /tmp/foo cat /tmp/foo
PASS: tests/test-run.sh 4 - can unshare network, create new /dev with
bwrap: Can't find source path /root/.bashrc: Permission denied
+ echo 'ok - cannot read /root/.bashrc with '
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.6.2/test-bwrap --bind / / --tmpfs /tmp --dir /tmp/dir --symlink dir /tmp/link --bind /etc /tmp/link true
ok - cannot read /etc/shadow with
PASS: tests/test-run.sh 5 - cannot read /etc/shadow with
+ echo 'ok - can bind a destination over a symlink'
+ for ALT in "" "--unshare-user-try" "--unshare-pid" "--unshare-user-try --unshare-pid"
+ '[' x '!=' x ']'
+ echo 'ok # SKIP no FUSE support'
ok - cannot read /root/.bashrc with
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.6.2/test-bwrap --bind / / --tmpfs /tmp --unshare-user-try --proc /proc true
PASS: tests/test-run.sh 6 - cannot read /root/.bashrc with
ok - can bind a destination over a symlink
PASS: tests/test-run.sh 7 - can bind a destination over a symlink
+ echo 'ok - can mount /proc with --unshare-user-try'
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.6.2/test-bwrap --bind / / --tmpfs /tmp --unshare-user-try --unshare-net --proc /proc --dev /dev true
ok # SKIP no FUSE support
SKIP: tests/test-run.sh 8 # SKIP no FUSE support
+ echo 'ok - can unshare network, create new /dev with --unshare-user-try'
+ echo -n 'expect EPERM: '
expect EPERM: + test -n ''
+ CAP=
+ false
ok - can mount /proc with --unshare-user-try
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.6.2/test-bwrap --bind / / --tmpfs /tmp --unshare-user-try --unshare-net --proc /proc --bind /etc/shadow /tmp/foo cat /etc/shadow
PASS: tests/test-run.sh 9 - can mount /proc with --unshare-user-try
cat: /etc/shadow: Permission denied
+ echo 'ok - cannot read /etc/shadow with --unshare-user-try'
+ '[' x/root/.bashrc '!=' x ']'
+ echo -n 'expect EPERM: '
expect EPERM: ok - can unshare network, create new /dev with --unshare-user-try
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.6.2/test-bwrap --bind / / --tmpfs /tmp --unshare-user-try --unshare-net --proc /proc --dev /dev --bind /root/.bashrc /tmp/foo cat /tmp/foo
PASS: tests/test-run.sh 10 - can unshare network, create new /dev with --unshare-user-try
bwrap: Can't find source path /root/.bashrc: Permission denied
+ echo 'ok - cannot read /root/.bashrc with --unshare-user-try'
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.6.2/test-bwrap --bind / / --tmpfs /tmp --unshare-user-try --dir /tmp/dir --symlink dir /tmp/link --bind /etc /tmp/link true
ok - cannot read /etc/shadow with --unshare-user-try
PASS: tests/test-run.sh 11 - cannot read /etc/shadow with --unshare-user-try
+ echo 'ok - can bind a destination over a symlink'
+ for ALT in "" "--unshare-user-try" "--unshare-pid" "--unshare-user-try --unshare-pid"
+ '[' x '!=' x ']'
+ echo 'ok # SKIP no FUSE support'
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.6.2/test-bwrap --bind / / --tmpfs /tmp --unshare-pid --proc /proc true
ok - cannot read /root/.bashrc with --unshare-user-try
PASS: tests/test-run.sh 12 - cannot read /root/.bashrc with --unshare-user-try
ok - can bind a destination over a symlink
PASS: tests/test-run.sh 13 - can bind a destination over a symlink
bwrap: Can't mount proc on /newroot/proc: Operation not permitted
++ report_err
++ local exit_status=1
Unexpected nonzero exit status 1 while running: $RUN $ALT --proc /proc true
+ cleanup
+ test -n ''
+ test -f /var/tmp/tap-test.TPYsEP/.testtmp
+ rm -rf /var/tmp/tap-test.TPYsEP
ok # SKIP no FUSE support
SKIP: tests/test-run.sh 14 # SKIP no FUSE support
ERROR: tests/test-run.sh - too few tests run (expected 54, got 14)
ERROR: tests/test-run.sh - exited with status 1
SKIP: tests/test-seccomp.py
===========================
1..0 # SKIP cannot import seccomp Python module
SKIP: tests/test-seccomp.py - cannot import seccomp Python module
============================================================================
Testsuite summary for bubblewrap 0.6.2
============================================================================
# TOTAL: 38
# PASS: 32
# SKIP: 4
# XFAIL: 0
# FAIL: 0
# XPASS: 0
# ERROR: 2
============================================================================
See ./test-suite.log
Please report to [email protected]
============================================================================
freezez when started with palatalisation
I assume you mean "freezes when started with parallelization". It works for me, but I don't have a machine with 48 CPU cores.
bwrap: Can't mount proc on /newroot/proc: Operation not permitted
What environment are you running this in? Is it in a container, or a restrictive seccomp profile, or a chroot, or some other environment where bubblewrap can't work?
Indeed I'm running all my builds insiide LXC zones with stripped down many CAP_s.
If capabilities involved in creating containers have been removed from the bounding set, then yes, you can expect bubblewrap to fail some of its tests: it's a container tool.
The failing command seems to be that in this particular LXC environment, we can combine --proc /proc with either --unshare-user-try or --unshare-pid, but not both?
If there was anything new to say about this, then there would have been a comment or a merge request.
As I said above, if capabilities involved in creating containers have been removed from the bounding set, then yes, you can expect bubblewrap to fail some of its tests: it's a container tool. I can't magic bubblewrap into working in environments where it isn't allowed to do its job.
I also don't have access to your specific test environment, but if you want to propose a merge request that somehow detects an environment where a subset of the tests can't work, and skips those tests, then please do.
I just back to this issue with last version 0.8.0 and currently test suite fails because missing seccomp python module.
I cannot find this module on pypi
+ cd bubblewrap-0.8.0
+ /usr/bin/make -O -j48 V=1 VERBOSE=1 check -j1
/usr/bin/make tests/test-utils test-bwrap tests/try-syscall
make[1]: Entering directory '/home/tkloczko/rpmbuild/BUILD/bubblewrap-0.8.0'
/usr/bin/gcc -DHAVE_CONFIG_H -I. -pipe -Wall -Werror=shadow -Werror=empty-body -Werror=strict-prototypes -Werror=missing-prototypes -Werror=implicit-function-declaration -Werror=format=2 -Werror=format-security -Werror=format-nonliteral -Werror=pointer-arith -Werror=init-self -Werror=missing-declarations -Werror=return-type -Werror=overflow -Werror=int-conversion -Werror=incompatible-pointer-types -Werror=misleading-indentation -Werror=missing-include-dirs -Werror=aggregate-return -Werror=switch-default -Wswitch-enum -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -O2 -g -grecord-gcc-switches -pipe -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -fdata-sections -ffunction-sections -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -flto=auto -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -Wall -Werror=format-security -c -o test-utils.o `test -f 'tests/test-utils.c' || echo './'`tests/test-utils.c
/usr/bin/gcc -DHAVE_CONFIG_H -I. -pipe -Wall -Werror=shadow -Werror=empty-body -Werror=strict-prototypes -Werror=missing-prototypes -Werror=implicit-function-declaration -Werror=format=2 -Werror=format-security -Werror=format-nonliteral -Werror=pointer-arith -Werror=init-self -Werror=missing-declarations -Werror=return-type -Werror=overflow -Werror=int-conversion -Werror=incompatible-pointer-types -Werror=misleading-indentation -Werror=missing-include-dirs -Werror=aggregate-return -Werror=switch-default -Wswitch-enum -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -O2 -g -grecord-gcc-switches -pipe -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -fdata-sections -ffunction-sections -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -flto=auto -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -Wall -Werror=format-security -c -o utils.o utils.c
/usr/bin/gcc -pipe -Wall -Werror=shadow -Werror=empty-body -Werror=strict-prototypes -Werror=missing-prototypes -Werror=implicit-function-declaration -Werror=format=2 -Werror=format-security -Werror=format-nonliteral -Werror=pointer-arith -Werror=init-self -Werror=missing-declarations -Werror=return-type -Werror=overflow -Werror=int-conversion -Werror=incompatible-pointer-types -Werror=misleading-indentation -Werror=missing-include-dirs -Werror=aggregate-return -Werror=switch-default -Wswitch-enum -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -O2 -g -grecord-gcc-switches -pipe -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -fdata-sections -ffunction-sections -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -flto=auto -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -Wall -Werror=format-security -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--gc-sections -Wl,--as-needed -Wl,--build-id=sha1 -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-z,pack-relative-relocs -flto=auto -fuse-linker-plugin -o tests/test-utils test-utils.o utils.o -L/usr/lib -lselinux -lcap
rm -rf test-bwrap
cp bwrap test-bwrap
chmod 0755 test-bwrap
/usr/bin/gcc -DHAVE_CONFIG_H -I. -pipe -Wall -Werror=shadow -Werror=empty-body -Werror=strict-prototypes -Werror=missing-prototypes -Werror=implicit-function-declaration -Werror=format=2 -Werror=format-security -Werror=format-nonliteral -Werror=pointer-arith -Werror=init-self -Werror=missing-declarations -Werror=return-type -Werror=overflow -Werror=int-conversion -Werror=incompatible-pointer-types -Werror=misleading-indentation -Werror=missing-include-dirs -Werror=aggregate-return -Werror=switch-default -Wswitch-enum -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -O2 -g -grecord-gcc-switches -pipe -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -fdata-sections -ffunction-sections -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -flto=auto -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -Wall -Werror=format-security -c -o try-syscall.o `test -f 'tests/try-syscall.c' || echo './'`tests/try-syscall.c
/usr/bin/gcc -pipe -Wall -Werror=shadow -Werror=empty-body -Werror=strict-prototypes -Werror=missing-prototypes -Werror=implicit-function-declaration -Werror=format=2 -Werror=format-security -Werror=format-nonliteral -Werror=pointer-arith -Werror=init-self -Werror=missing-declarations -Werror=return-type -Werror=overflow -Werror=int-conversion -Werror=incompatible-pointer-types -Werror=misleading-indentation -Werror=missing-include-dirs -Werror=aggregate-return -Werror=switch-default -Wswitch-enum -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -O2 -g -grecord-gcc-switches -pipe -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -fdata-sections -ffunction-sections -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -flto=auto -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS -Wall -Werror=format-security -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -Wl,--gc-sections -Wl,--as-needed -Wl,--build-id=sha1 -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-z,pack-relative-relocs -flto=auto -fuse-linker-plugin -o tests/try-syscall try-syscall.o -lcap
make[1]: Leaving directory '/home/tkloczko/rpmbuild/BUILD/bubblewrap-0.8.0'
/usr/bin/make check-TESTS
make[1]: Entering directory '/home/tkloczko/rpmbuild/BUILD/bubblewrap-0.8.0'
make[2]: Entering directory '/home/tkloczko/rpmbuild/BUILD/bubblewrap-0.8.0'
PASS: tests/test-utils 1 - N_ELEMENTS (three) (3) == 3 (3)
PASS: tests/test-utils 2 - ab ("aaabbb") == "aaabbb" ("aaabbb")
PASS: tests/test-utils 3 - abc ("aaabbbccc") == "aaabbbccc" ("aaabbbccc")
PASS: tests/test-utils 4 - has_prefix ("foo", "foo")
PASS: tests/test-utils 5 - has_prefix ("foobar", "foo")
PASS: tests/test-utils 6 - !(has_prefix ("foobar", "fool"))
PASS: tests/test-utils 7 - !(has_prefix ("foo", "fool"))
PASS: tests/test-utils 8 - has_prefix ("foo", "")
PASS: tests/test-utils 9 - has_prefix ("", "")
PASS: tests/test-utils 10 - !(has_prefix ("", "no"))
PASS: tests/test-utils 11 - !(has_prefix ("yes", "no"))
PASS: tests/test-utils 12 - has_path_prefix (str, prefix)
PASS: tests/test-utils 13 - has_path_prefix (str, prefix)
PASS: tests/test-utils 14 - has_path_prefix (str, prefix)
PASS: tests/test-utils 15 - has_path_prefix (str, prefix)
PASS: tests/test-utils 16 - has_path_prefix (str, prefix)
PASS: tests/test-utils 17 - !(has_path_prefix (str, prefix))
PASS: tests/test-utils 18 - has_path_prefix (str, prefix)
PASS: tests/test-utils 19 - has_path_prefix (str, prefix)
PASS: tests/test-run.sh 1 - Help works
SKIP: tests/test-run.sh 2 # SKIP no FUSE support
PASS: tests/test-run.sh 3 - can mount /proc with
PASS: tests/test-run.sh 4 - can unshare network, create new /dev with
PASS: tests/test-run.sh 5 - cannot read /etc/shadow with
PASS: tests/test-run.sh 6 - cannot read /root/.bashrc with
PASS: tests/test-run.sh 7 - can bind a destination over a symlink
SKIP: tests/test-run.sh 8 # SKIP no FUSE support
PASS: tests/test-run.sh 9 - can mount /proc with --unshare-user-try
PASS: tests/test-run.sh 10 - can unshare network, create new /dev with --unshare-user-try
PASS: tests/test-run.sh 11 - cannot read /etc/shadow with --unshare-user-try
PASS: tests/test-run.sh 12 - cannot read /root/.bashrc with --unshare-user-try
PASS: tests/test-run.sh 13 - can bind a destination over a symlink
SKIP: tests/test-run.sh 14 # SKIP no FUSE support
ERROR: tests/test-run.sh - too few tests run (expected 58, got 14)
ERROR: tests/test-run.sh - exited with status 1
SKIP: tests/test-seccomp.py - cannot import seccomp Python module
PASS: tests/test-specifying-userns.sh 1 - Test --userns
PASS: tests/test-specifying-pidns.sh 1 - Test --pidns
========================================
bubblewrap 0.8.0: ./test-suite.log
========================================
# TOTAL: 38
# PASS: 32
# SKIP: 4
# XFAIL: 0
# FAIL: 0
# XPASS: 0
# ERROR: 2
.. contents:: :depth: 2
ERROR: tests/test-run.sh
========================
+++ dirname ./tests/test-run.sh
++ cd ./tests
++ pwd
+ srcd=/home/tkloczko/rpmbuild/BUILD/bubblewrap-0.8.0/tests
+ . /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.8.0/tests/libtest.sh
++ set -e
++ '[' -n /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.8.0 ']'
++ test_srcdir=/home/tkloczko/rpmbuild/BUILD/bubblewrap-0.8.0/tests
++ '[' -n /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.8.0 ']'
++ test_builddir=/home/tkloczko/rpmbuild/BUILD/bubblewrap-0.8.0/tests
++ . /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.8.0/tests/libtest-core.sh
+++ type -p locale
++++ locale -a
++++ grep -iEe '^(C|en_US)\.(UTF-8|utf8)$'
++++ head -n1
+++ export LC_ALL=C.utf8
+++ LC_ALL=C.utf8
+++ '[' -z C.utf8 ']'
+++ unset LANGUAGE
+++ export G_DEBUG=fatal-warnings
+++ G_DEBUG=fatal-warnings
+++ trap report_err ERR
++ PATH=/usr/bin:/usr/sbin:/usr/local/sbin:/usr/sbin:/sbin
+++ mktemp -d /var/tmp/tap-test.XXXXXX
++ tempdir=/var/tmp/tap-test.MDjIji
++ touch /var/tmp/tap-test.MDjIji/.testtmp
++ trap cleanup EXIT
++ cd /var/tmp/tap-test.MDjIji
++ : /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.8.0/test-bwrap
+++ type -p /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.8.0/test-bwrap
++ test -u /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.8.0/test-bwrap
++ FUSE_DIR=
+++ grep ' fuse[. ]' /proc/self/mounts
+++ awk '{print $2}'
++++ id -u
+++ grep user_id=1000
+++ id -u
++ test 1000 = 0
++ is_uidzero=false
++ UNREADABLE=/root/.bashrc
++ false
+++ dirname /root/.bashrc
++ test -x /root
++ '[' /lib -ef /usr/lib ']'
++ BWRAP_RO_HOST_ARGS='--ro-bind /usr /usr
--ro-bind /etc /etc
--dir /var/tmp
--symlink usr/lib /lib
--symlink usr/lib64 /lib64
--symlink usr/bin /bin
--symlink usr/sbin /sbin
--proc /proc
--dev /dev'
++ RUN='/home/tkloczko/rpmbuild/BUILD/bubblewrap-0.8.0/test-bwrap --bind / / --tmpfs /tmp'
++ '[' -z '' ']'
++ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.8.0/test-bwrap --bind / / --tmpfs /tmp true
++ basename ./tests/test-run.sh
+ bn=test-run.sh
+ echo 1..58
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.8.0/test-bwrap --help
+ assert_file_has_content help.txt 'usage: /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.8.0/test-bwrap'
+ fpath=help.txt
+ shift
+ for re in "$@"
+ grep -q -e 'usage: /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.8.0/test-bwrap' help.txt
+ echo 'ok - Help works'
+ for ALT in "" "--unshare-user-try" "--unshare-pid" "--unshare-user-try --unshare-pid"
+ '[' x '!=' x ']'
+ echo 'ok # SKIP no FUSE support'
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.8.0/test-bwrap --bind / / --tmpfs /tmp --proc /proc true
1..58
ok - Help works
PASS: tests/test-run.sh 1 - Help works
+ echo 'ok - can mount /proc with '
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.8.0/test-bwrap --bind / / --tmpfs /tmp --unshare-net --proc /proc --dev /dev true
ok # SKIP no FUSE support
SKIP: tests/test-run.sh 2 # SKIP no FUSE support
+ echo 'ok - can unshare network, create new /dev with '
+ echo -n 'expect EPERM: '
expect EPERM: + test -n ''
+ CAP=
+ cat /etc/shadow
ok - can mount /proc with
PASS: tests/test-run.sh 3 - can mount /proc with
cat: /etc/shadow: Permission denied
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.8.0/test-bwrap --bind / / --tmpfs /tmp --unshare-net --proc /proc --bind /etc/shadow /tmp/foo cat /tmp/foo
cat: /tmp/foo: Permission denied
+ cat /etc/shadow
cat: /etc/shadow: Permission denied
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.8.0/test-bwrap --bind / / --tmpfs /tmp --unshare-net --proc /proc --bind /etc/shadow /tmp/foo cat /etc/shadow
cat: /etc/shadow: Permission denied
+ echo 'ok - cannot read /etc/shadow with '
+ '[' x/root/.bashrc '!=' x ']'
+ echo -n 'expect EPERM: '
expect EPERM: + /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.8.0/test-bwrap --bind / / --tmpfs /tmp --unshare-net --proc /proc --dev /dev --bind /root/.bashrc /tmp/foo cat /tmp/foo
ok - can unshare network, create new /dev with
PASS: tests/test-run.sh 4 - can unshare network, create new /dev with
bwrap: Can't find source path /root/.bashrc: Permission denied
+ echo 'ok - cannot read /root/.bashrc with '
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.8.0/test-bwrap --bind / / --tmpfs /tmp --dir /tmp/dir --symlink dir /tmp/link --bind /etc /tmp/link true
ok - cannot read /etc/shadow with
PASS: tests/test-run.sh 5 - cannot read /etc/shadow with
+ echo 'ok - can bind a destination over a symlink'
+ for ALT in "" "--unshare-user-try" "--unshare-pid" "--unshare-user-try --unshare-pid"
+ '[' x '!=' x ']'
+ echo 'ok # SKIP no FUSE support'
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.8.0/test-bwrap --bind / / --tmpfs /tmp --unshare-user-try --proc /proc true
ok - cannot read /root/.bashrc with
PASS: tests/test-run.sh 6 - cannot read /root/.bashrc with
ok - can bind a destination over a symlink
PASS: tests/test-run.sh 7 - can bind a destination over a symlink
+ echo 'ok - can mount /proc with --unshare-user-try'
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.8.0/test-bwrap --bind / / --tmpfs /tmp --unshare-user-try --unshare-net --proc /proc --dev /dev true
ok # SKIP no FUSE support
SKIP: tests/test-run.sh 8 # SKIP no FUSE support
+ echo 'ok - can unshare network, create new /dev with --unshare-user-try'
+ echo -n 'expect EPERM: '
expect EPERM: + test -n ''
+ CAP=
+ cat /etc/shadow
ok - can mount /proc with --unshare-user-try
PASS: tests/test-run.sh 9 - can mount /proc with --unshare-user-try
cat: /etc/shadow: Permission denied
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.8.0/test-bwrap --bind / / --tmpfs /tmp --unshare-user-try --unshare-net --proc /proc --bind /etc/shadow /tmp/foo cat /tmp/foo
cat: /tmp/foo: Permission denied
+ cat /etc/shadow
cat: /etc/shadow: Permission denied
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.8.0/test-bwrap --bind / / --tmpfs /tmp --unshare-user-try --unshare-net --proc /proc --bind /etc/shadow /tmp/foo cat /etc/shadow
cat: /etc/shadow: Permission denied
+ echo 'ok - cannot read /etc/shadow with --unshare-user-try'
+ '[' x/root/.bashrc '!=' x ']'
ok - can unshare network, create new /dev with --unshare-user-try
+ echo -n 'expect EPERM: '
PASS: tests/test-run.sh 10 - can unshare network, create new /dev with --unshare-user-try
expect EPERM: + /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.8.0/test-bwrap --bind / / --tmpfs /tmp --unshare-user-try --unshare-net --proc /proc --dev /dev --bind /root/.bashrc /tmp/foo cat /tmp/foo
bwrap: Can't find source path /root/.bashrc: Permission denied
+ echo 'ok - cannot read /root/.bashrc with --unshare-user-try'
ok - cannot read /etc/shadow with --unshare-user-try
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.8.0/test-bwrap --bind / / --tmpfs /tmp --unshare-user-try --dir /tmp/dir --symlink dir /tmp/link --bind /etc /tmp/link true
PASS: tests/test-run.sh 11 - cannot read /etc/shadow with --unshare-user-try
+ echo 'ok - can bind a destination over a symlink'
+ for ALT in "" "--unshare-user-try" "--unshare-pid" "--unshare-user-try --unshare-pid"
ok - cannot read /root/.bashrc with --unshare-user-try
+ '[' x '!=' x ']'
PASS: tests/test-run.sh 12 - cannot read /root/.bashrc with --unshare-user-try
+ echo 'ok # SKIP no FUSE support'
ok - can bind a destination over a symlink
+ /home/tkloczko/rpmbuild/BUILD/bubblewrap-0.8.0/test-bwrap --bind / / --tmpfs /tmp --unshare-pid --proc /proc true
PASS: tests/test-run.sh 13 - can bind a destination over a symlink
bwrap: Can't mount proc on /newroot/proc: Operation not permitted
++ report_err
++ local exit_status=1
Unexpected nonzero exit status 1 while running: $RUN $ALT --proc /proc true
+ cleanup
+ test -n ''
+ test -f /var/tmp/tap-test.MDjIji/.testtmp
+ rm -rf /var/tmp/tap-test.MDjIji
ok # SKIP no FUSE support
SKIP: tests/test-run.sh 14 # SKIP no FUSE support
ERROR: tests/test-run.sh - too few tests run (expected 58, got 14)
ERROR: tests/test-run.sh - exited with status 1
SKIP: tests/test-seccomp.py
===========================
1..0 # SKIP cannot import seccomp Python module
SKIP: tests/test-seccomp.py - cannot import seccomp Python module
============================================================================
Testsuite summary for bubblewrap 0.8.0
============================================================================
# TOTAL: 38
# PASS: 32
# SKIP: 4
# XFAIL: 0
# FAIL: 0
# XPASS: 0
# ERROR: 2
============================================================================
See ./test-suite.log
Please report to [email protected]
============================================================================
make[2]: *** [Makefile:1010: test-suite.log] Error 1
make[2]: Leaving directory '/home/tkloczko/rpmbuild/BUILD/bubblewrap-0.8.0'
make[1]: *** [Makefile:1118: check-TESTS] Error 2
make[1]: Leaving directory '/home/tkloczko/rpmbuild/BUILD/bubblewrap-0.8.0'
make: *** [Makefile:1357: check-am] Error 2
currently test suite fails because missing seccomp python module
No it doesn't, some tests were skipped because of a missing seccomp Python module. The actual failure is (still)
bwrap: Can't mount proc on /newroot/proc: Operation not permitted
If your test environment is not allowed to mount the proc filesystem, then bubblewrap cannot do its job.
If your test environment is not allowed to mount the proc filesystem, then bubblewrap cannot do its job.
It is allowed but test suite is executed from non-0root account.