diff options
| author | Christian Kögler <ck3d@gmx.de> | 2024-06-10 07:43:49 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-06-10 07:43:49 +0200 |
| commit | 3844793c027404189bf07c979434eff1d55744d0 (patch) | |
| tree | c8baa7847d8ee079cade49390817e1bd95a495d2 /nixos | |
| parent | 629cf33e2d7bf60094fb1ec424d5658aa65da07c (diff) | |
| parent | 181e82f4b21eb779cc90fc179b162a3ad0bb2e11 (diff) | |
Merge pull request #318449 from ck3d/nixos-test-machinectl-cgroup2
nixos/tests/machinectl: add workaround for nix-build
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/tests/systemd-machinectl.nix | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/nixos/tests/systemd-machinectl.nix b/nixos/tests/systemd-machinectl.nix index 9d761c6d4d8b8..555a8bb43b30e 100644 --- a/nixos/tests/systemd-machinectl.nix +++ b/nixos/tests/systemd-machinectl.nix @@ -76,10 +76,23 @@ in }; }; + systemd.nspawn.${containerName} = { + filesConfig = { + # workaround to fix kernel namespaces; needed for Nix sandbox + # https://github.com/systemd/systemd/issues/27994#issuecomment-1704005670 + Bind = "/proc:/run/proc"; + }; + }; + systemd.services."systemd-nspawn@${containerName}" = { serviceConfig.Environment = [ # Disable tmpfs for /tmp "SYSTEMD_NSPAWN_TMPFS_TMP=0" + + # force unified cgroup delegation, which would be the default + # if systemd could check the capabilities of the installed systemd. + # see also: https://github.com/NixOS/nixpkgs/pull/198526 + "SYSTEMD_NSPAWN_UNIFIED_HIERARCHY=1" ]; overrideStrategy = "asDropin"; }; @@ -121,6 +134,17 @@ in machine.succeed("machinectl start ${containerName}"); machine.wait_until_succeeds("systemctl -M ${containerName} is-active default.target"); + # Test systemd-nspawn configured unified cgroup delegation + # see also: + # https://github.com/systemd/systemd/blob/main/docs/CGROUP_DELEGATION.md#three-different-tree-setups- + machine.succeed('systemd-run --pty --wait -M ${containerName} /run/current-system/sw/bin/stat --format="%T" --file-system /sys/fs/cgroup > fstype') + machine.succeed('test $(tr -d "\\r" < fstype) = cgroup2fs') + + # Test if systemd-nspawn provides a working environment for nix to build derivations + # https://nixos.org/guides/nix-pills/07-working-derivation + machine.succeed('systemd-run --pty --wait -M ${containerName} /run/current-system/sw/bin/nix-instantiate --expr \'derivation { name = "myname"; builder = "/bin/sh"; args = [ "-c" "echo foo > $out" ]; system = "${pkgs.system}"; }\' --add-root /tmp/drv') + machine.succeed('systemd-run --pty --wait -M ${containerName} /run/current-system/sw/bin/nix-store --option substitute false --realize /tmp/drv') + # Test nss_mymachines without nscd machine.succeed('LD_LIBRARY_PATH="/run/current-system/sw/lib" getent -s hosts:mymachines hosts ${containerName}'); |