[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Bug 1897194] Re: Test failure in test-crypto-secret.c
From: |
Toolybird |
Subject: |
[Bug 1897194] Re: Test failure in test-crypto-secret.c |
Date: |
Wed, 28 Oct 2020 23:18:49 -0000 |
> systemd-nspawn containers don't have CAP_SYS_ADMIN
Above statement is utter bollocks. Please ignore..
I finally got to the bottom of all this and now have the test suite passing.
- don't use `--disable-keyring', it's busted
- systemd-nspawn containers need to be configured with additional
capabilities/syscalls (see below)
I noticed another test failing (postcopy-ram in tests/qtest/migration-
test.c). It needs access to munlockall which is covered by CAP_IPC_LOCK
capability.
Here is my .nspawn config needed to get the test suite passing inside a
systemd-nspawn container:
[Exec]
Capability=CAP_IPC_LOCK
SystemCallFilter=add_key keyctl
** Changed in: qemu
Status: New => Invalid
--
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1897194
Title:
Test failure in test-crypto-secret.c
Status in QEMU:
Invalid
Bug description:
When running qemu test suite I'm seeing a test failure:
ERROR:../qemu/tests/test-crypto-secret.c:144:test_secret_keyring_good:
assertion failed: (key >= 0)
Host is Arch Linux running in the standard Arch build environment
(essentially an nspawn container).
I first noticed this at release of 5.1.0 but it's still there on
current trunk. For 5.1.0 I was able to sidestep the issue by building
with `--disable-keyring' but this no longer works (I think due to
9866a33cbb7046891dec3dcc9ca2015828673afe)
Any clues on what might be the cause? Not sure how to debug.
To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1897194/+subscriptions