[PATCH proxmox] oci: ignore tests that require to be run as UID 0

public inbox for pve-devel@lists.proxmox.com
 help / color / mirror / Atom feed

* [PATCH proxmox] oci: ignore tests that require to be run as UID 0
@ 2026-03-09 15:39 Filip Schauer
  2026-03-10  8:40 ` Fabian Grünbichler
  0 siblings, 1 reply; 2+ messages in thread
From: Filip Schauer @ 2026-03-09 15:39 UTC (permalink / raw)
  To: pve-devel

This prevents unprivileged test runs from failing when extracting test
artifacts containing files with UID 0.

The tests can still run without root privileges using a user namespace:
unshare -r cargo test -- --include-ignored

Signed-off-by: Filip Schauer <f.schauer@proxmox.com>
---
 proxmox-oci/tests/extract_replace.rs   | 3 +++
 proxmox-oci/tests/extract_whiteouts.rs | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/proxmox-oci/tests/extract_replace.rs b/proxmox-oci/tests/extract_replace.rs
index eb41f9e3..2c8ea7ed 100644
--- a/proxmox-oci/tests/extract_replace.rs
+++ b/proxmox-oci/tests/extract_replace.rs
@@ -4,6 +4,7 @@ use proxmox_oci::{parse_and_extract_image, Arch};
 use proxmox_sys::fs::make_tmp_dir;
 
 #[test]
+#[ignore = "Must be run as UID 0 (unshare -r cargo test -- --include-ignored)"]
 fn test_replace_file() {
     let extract_dir = make_tmp_dir("/tmp/", None).unwrap();
 
@@ -23,6 +24,7 @@ fn test_replace_file() {
 }
 
 #[test]
+#[ignore = "Must be run as UID 0 (unshare -r cargo test -- --include-ignored)"]
 fn test_replace_file_with_dir() {
     let extract_dir = make_tmp_dir("/tmp/", None).unwrap();
 
@@ -40,6 +42,7 @@ fn test_replace_file_with_dir() {
 }
 
 #[test]
+#[ignore = "Must be run as UID 0 (unshare -r cargo test -- --include-ignored)"]
 fn test_replace_dir_with_file() {
     let extract_dir = make_tmp_dir("/tmp/", None).unwrap();
 
diff --git a/proxmox-oci/tests/extract_whiteouts.rs b/proxmox-oci/tests/extract_whiteouts.rs
index 71ec4dea..0333dac9 100644
--- a/proxmox-oci/tests/extract_whiteouts.rs
+++ b/proxmox-oci/tests/extract_whiteouts.rs
@@ -40,6 +40,7 @@ fn test_whiteout_root_parent_breakout() {
 }
 
 #[test]
+#[ignore = "Must be run as UID 0 (unshare -r cargo test -- --include-ignored)"]
 fn test_whiteout_current_directory() {
     let extract_dir = make_tmp_dir("/tmp/", None).unwrap();
 
@@ -57,6 +58,7 @@ fn test_whiteout_current_directory() {
 }
 
 #[test]
+#[ignore = "Must be run as UID 0 (unshare -r cargo test -- --include-ignored)"]
 fn test_whiteout_symlink() {
     let extract_dir = make_tmp_dir("/tmp/", None).unwrap();
 
@@ -75,6 +77,7 @@ fn test_whiteout_symlink() {
 }
 
 #[test]
+#[ignore = "Must be run as UID 0 (unshare -r cargo test -- --include-ignored)"]
 fn test_whiteout_dead_symlink_parent() {
     let extract_dir = make_tmp_dir("/tmp/", None).unwrap();
 
-- 
2.47.3





^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [PATCH proxmox] oci: ignore tests that require to be run as UID 0
  2026-03-09 15:39 [PATCH proxmox] oci: ignore tests that require to be run as UID 0 Filip Schauer
@ 2026-03-10  8:40 ` Fabian Grünbichler
  0 siblings, 0 replies; 2+ messages in thread
From: Fabian Grünbichler @ 2026-03-10  8:40 UTC (permalink / raw)
  To: Filip Schauer, pve-devel

On March 9, 2026 4:39 pm, Filip Schauer wrote:
> This prevents unprivileged test runs from failing when extracting test
> artifacts containing files with UID 0.
> 
> The tests can still run without root privileges using a user namespace:
> unshare -r cargo test -- --include-ignored

before this patch:
- `cargo test -p proxmox-oci` fails (unless you happen to run it as real
  or fake root)
- `make deb` runs the test under fakeroot, so executes them and they
  work
- `make dsc` and building with sbuild+autopkgtest using unshare runs the
  test in a userns as non-privileged user, executes them but they fail
  (unles the debian/tests/control file is extended with `needs-root`)

1/3

after this patch:
- `cargo test -p proxmox-oci` works, but doesn't run the test
- `make deb` works, but doesn't run the test
- `make dsc` works, but doesn't run the test

0/3

so in practice this has roughly the same effect as dropping the tests
enitrely, because nobody will go out of their way to run tests using a
special invocation (we know that, because until we added a `cargo test`
invocation to `make deb` tests would frequently be broken without
anybody noticing..)

I still think either
- creating those tar files on the fly with the current user/group (if
  that makes the tests work!) or
- printing a warning and skipping the test if not root

would be better options, as that would lead to some level of coverage
out of the box..

I'll add control over `needs-root` and the other restrictions to
debcargo to my todo list, so we can at least fix the tests run during
proper package building fixed without the need to manually override the
whole tests control file..

> 
> Signed-off-by: Filip Schauer <f.schauer@proxmox.com>
> ---
>  proxmox-oci/tests/extract_replace.rs   | 3 +++
>  proxmox-oci/tests/extract_whiteouts.rs | 3 +++
>  2 files changed, 6 insertions(+)
> 
> diff --git a/proxmox-oci/tests/extract_replace.rs b/proxmox-oci/tests/extract_replace.rs
> index eb41f9e3..2c8ea7ed 100644
> --- a/proxmox-oci/tests/extract_replace.rs
> +++ b/proxmox-oci/tests/extract_replace.rs
> @@ -4,6 +4,7 @@ use proxmox_oci::{parse_and_extract_image, Arch};
>  use proxmox_sys::fs::make_tmp_dir;
>  
>  #[test]
> +#[ignore = "Must be run as UID 0 (unshare -r cargo test -- --include-ignored)"]
>  fn test_replace_file() {
>      let extract_dir = make_tmp_dir("/tmp/", None).unwrap();
>  
> @@ -23,6 +24,7 @@ fn test_replace_file() {
>  }
>  
>  #[test]
> +#[ignore = "Must be run as UID 0 (unshare -r cargo test -- --include-ignored)"]
>  fn test_replace_file_with_dir() {
>      let extract_dir = make_tmp_dir("/tmp/", None).unwrap();
>  
> @@ -40,6 +42,7 @@ fn test_replace_file_with_dir() {
>  }
>  
>  #[test]
> +#[ignore = "Must be run as UID 0 (unshare -r cargo test -- --include-ignored)"]
>  fn test_replace_dir_with_file() {
>      let extract_dir = make_tmp_dir("/tmp/", None).unwrap();
>  
> diff --git a/proxmox-oci/tests/extract_whiteouts.rs b/proxmox-oci/tests/extract_whiteouts.rs
> index 71ec4dea..0333dac9 100644
> --- a/proxmox-oci/tests/extract_whiteouts.rs
> +++ b/proxmox-oci/tests/extract_whiteouts.rs
> @@ -40,6 +40,7 @@ fn test_whiteout_root_parent_breakout() {
>  }
>  
>  #[test]
> +#[ignore = "Must be run as UID 0 (unshare -r cargo test -- --include-ignored)"]
>  fn test_whiteout_current_directory() {
>      let extract_dir = make_tmp_dir("/tmp/", None).unwrap();
>  
> @@ -57,6 +58,7 @@ fn test_whiteout_current_directory() {
>  }
>  
>  #[test]
> +#[ignore = "Must be run as UID 0 (unshare -r cargo test -- --include-ignored)"]
>  fn test_whiteout_symlink() {
>      let extract_dir = make_tmp_dir("/tmp/", None).unwrap();
>  
> @@ -75,6 +77,7 @@ fn test_whiteout_symlink() {
>  }
>  
>  #[test]
> +#[ignore = "Must be run as UID 0 (unshare -r cargo test -- --include-ignored)"]
>  fn test_whiteout_dead_symlink_parent() {
>      let extract_dir = make_tmp_dir("/tmp/", None).unwrap();
>  
> -- 
> 2.47.3
> 
> 
> 
> 
> 
> 




^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2026-03-10  8:40 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-03-09 15:39 [PATCH proxmox] oci: ignore tests that require to be run as UID 0 Filip Schauer
2026-03-10  8:40 ` Fabian Grünbichler

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox

Service provided by Proxmox Server Solutions GmbH | Privacy | Legal