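# NixOS VM test for the `tmpfs` option of declarative containers.
#
# The container declares three tmpfs mount points and the test script checks,
# from both sides, that data under those paths is kept apart from the
# container root directory on the host
# (/var/lib/nixos-containers/tmpfs), while a non-tmpfs path stays shared.
import ./make-test-python.nix (
  { pkgs, lib, ... }:
  {
    name = "containers-tmpfs";
    meta = {
      maintainers = with lib.maintainers; [ patryk27 ];
    };

    nodes.machine =
      { pkgs, ... }:
      {
        imports = [ ../modules/installer/cd-dvd/channel.nix ];
        virtualisation.writableStore = true;

        containers.tmpfs = {
          autoStart = true;
          tmpfs = [
            # Mount var as a tmpfs
            "/var"

            # Add a nested mount inside a tmpfs
            "/var/log"

            # Add a tmpfs on a path that does not exist
            "/some/random/path"
          ];
          config = { };
        };

        virtualisation.additionalPaths = [ pkgs.stdenv ];
      };

    testScript = ''
      machine.wait_for_unit("default.target")
      assert "tmpfs" in machine.succeed("nixos-container list")

      with subtest("tmpfs container is up"):
          assert "up" in machine.succeed("nixos-container status tmpfs")


      def tmpfs_cmd(command):
          # Builds a host-side command line that runs `command` in the container.
          # The whole string is handed to the host shell, so a pipe or redirect
          # inside `command` is evaluated on the host, and the trailing
          # 2>/dev/null only silences the last command of such a pipeline.
          return f"nixos-container run tmpfs -- {command} 2>/dev/null"


      with subtest("/var is mounted as a tmpfs"):
          machine.succeed(tmpfs_cmd("mountpoint -q /var"))

      with subtest("/var/log is mounted as a tmpfs"):
          assert "What: tmpfs" in machine.succeed(
              tmpfs_cmd("systemctl status var-log.mount --no-pager")
          )
          machine.succeed(tmpfs_cmd("mountpoint -q /var/log"))

      with subtest("/some/random/path is mounted as a tmpfs"):
          assert "What: tmpfs" in machine.succeed(
              tmpfs_cmd("systemctl status some-random-path.mount --no-pager")
          )
          machine.succeed(tmpfs_cmd("mountpoint -q /some/random/path"))

      with subtest(
          "files created in the container in a non-tmpfs directory are visible on the host."
      ):
          # This establishes legitimacy for the following tests
          machine.succeed(
              tmpfs_cmd("touch /root/test.file"),
              tmpfs_cmd("ls -l /root | grep -q test.file"),
              "test -e /var/lib/nixos-containers/tmpfs/root/test.file",
          )

      with subtest(
          "/some/random/path is writable and that files created there are not "
          + "in the hosts container dir but in the tmpfs"
      ):
          machine.succeed(
              tmpfs_cmd("touch /some/random/path/test.file"),
              tmpfs_cmd("test -e /some/random/path/test.file"),
          )
          # Host-side check: the file must not have leaked into the container root dir.
          machine.fail("test -e /var/lib/nixos-containers/tmpfs/some/random/path/test.file")

      with subtest(
          "files created in the hosts container dir in a path where a tmpfs "
          + "file system has been mounted are not visible to the container as "
          + "the do not exist in the tmpfs"
      ):
          machine.succeed(
              "touch /var/lib/nixos-containers/tmpfs/var/test.file",
              "test -e /var/lib/nixos-containers/tmpfs/var/test.file",
              "ls -l /var/lib/nixos-containers/tmpfs/var/ | grep -q test.file 2>/dev/null",
          )
          # Assert absence with a command that must succeed inside the container.
          # A fail() around "ls | grep" would also pass when the container
          # cannot be reached at all, which would hide a broken isolation check.
          machine.succeed(tmpfs_cmd("test ! -e /var/test.file"))
    '';
  }
)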