Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

run unittests in privileged docker container #165

Merged
merged 3 commits into from
Oct 10, 2024

Conversation

roypat
Copy link
Collaborator

@roypat roypat commented Sep 26, 2024

The code coverage tests already run in a privileged container, so this does not affect our security posture. Additionally, it will unblock vsock unit tests in the vhost-user-vsock crate, see also rust-vmm/vhost-device#706 and rust-vmm/vhost-device#728

Summary of the PR

Please summarize here why the changes in this PR are needed.

Requirements

Before submitting your PR, please make sure you addressed the following
requirements:

  • All commits in this PR have Signed-Off-By trailers (with
    git commit -s), and the commit message has max 60 characters for the
    summary and max 75 characters for each description line.
  • All added/changed functionality has a corresponding unit/integration
    test.
  • All added/changed public-facing functionality has entries in the "Upcoming
    Release" section of CHANGELOG.md (if no such section exists, please create one).
  • Any newly added unsafe code is properly documented.

The code coverage tests already run in a privileged container, so this
does not affect our security posture. Additionally, it will unblock
vsock unit tests in the vhost-user-vsock crate, see also
rust-vmm/vhost-device#706 and
rust-vmm/vhost-device#728

Signed-off-by: Patrick Roy <roypat@amazon.co.uk>
@TimePrinciple
Copy link
Contributor

I was about to ask if we could do the same for rust-vmm-container, I'll need to mount directories inside container to create images since some tests would fail in 9p rootfs as of riscv64.

I will bring up this discussion recently :)

@roypat roypat merged commit 209c04e into rust-vmm:main Oct 10, 2024
3 checks passed
stefano-garzarella added a commit to stefano-garzarella/vhost-device that referenced this pull request Oct 10, 2024
rust-vmm/rust-vmm-ci#165 allows us to
run unittests in a privileged container, so we can use AF_VSOCK
in our CI which was otherwise not allowed by docker.
This was already enabled for coverage tests.

Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
@stefano-garzarella
Copy link
Member

Just to confirm that now rust-vmm/vhost-device#728 is working great with this PR merged!

vireshk pushed a commit to rust-vmm/vhost-device that referenced this pull request Oct 10, 2024
rust-vmm/rust-vmm-ci#165 allows us to
run unittests in a privileged container, so we can use AF_VSOCK
in our CI which was otherwise not allowed by docker.
This was already enabled for coverage tests.

Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants