github.com/opencontainers/runc@v1.2.0-rc.1.0.20240520010911-492dc558cdd6/Vagrantfile.fedora (about)

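# -*- mode: ruby -*-
# vi: set ft=ruby :

# Vagrant definition for the Fedora test VM. One inline shell provisioner
# installs the build/test packages, creates the "rootless" user with a
# localhost SSH key, and turns on cgroup v2 delegation for user sessions.
#
# Several steps deliberately relax hardening (suid on /tmp, git
# safe.directory, a passphrase-less SSH key, Delegate=yes). They exist to let
# the tests run inside this VM; review each one before reusing the script on a
# host that is not a throwaway test machine.
Vagrant.configure("2") do |config|
  # Fedora box is used for testing cgroup v2 support
  config.vm.box = "fedora/39-cloud-base"
  config.vm.provider :virtualbox do |v|
    v.memory = 2048
    v.cpus = 2
  end
  config.vm.provider :libvirt do |v|
    v.memory = 2048
    v.cpus = 2
  end
  config.vm.provision "shell", inline: <<-SHELL
    set -e -u -o pipefail
    # Work around dnf mirror failures by retrying a few times.
    # A failing command on the left of "&&" is exempt from "set -e", so the
    # loop alone cannot stop the script when every attempt fails. dnf_ok
    # records success and is checked after the loop, so provisioning never
    # continues on a box that was not updated.
    dnf_ok=
    for i in $(seq 0 2); do
      sleep $i
      # "config exclude" dnf shell command is not working in Fedora 35
      # (see https://bugzilla.redhat.com/show_bug.cgi?id=2022571);
      # the workaround is to specify it as an option.
      cat << EOF | dnf -y --exclude=kernel,kernel-core shell && dnf_ok=1 && break
config install_weak_deps false
update
install iptables gcc golang-go make glibc-static libseccomp-devel bats jq git-core criu fuse-sshfs container-selinux
ts run
EOF
    done
    if [ -z "$dnf_ok" ]; then
      echo "dnf update/install failed after 3 attempts" >&2
      exit 1
    fi
    dnf clean all

    # To avoid "avc: denied { nosuid_transition }" from SELinux as we run tests on /tmp.
    # This re-enables setuid execution on /tmp, i.e. it removes a hardening
    # option from a world-writable filesystem.
    mount -o remount,suid /tmp

    # Prevent the "fatal: unsafe repository" git complaint during build.
    # This switches off git's ownership check for /vagrant for root.
    git config --global --add safe.directory /vagrant

    # Add a user for rootless tests
    useradd -u2000 -m -d/home/rootless -s/bin/bash rootless

    # Allow root and rootless itself to execute `ssh rootless@localhost` in tests/rootless.sh
    # The key has an empty passphrase (-N "") and the same private key is
    # readable by both root and rootless; it must not be trusted outside this VM.
    ssh-keygen -t ecdsa -N "" -f /root/rootless.key
    mkdir -m 0700 -p /home/rootless/.ssh
    cp /root/rootless.key /home/rootless/.ssh/id_ecdsa
    cat /root/rootless.key.pub >> /home/rootless/.ssh/authorized_keys
    # OWNER:GROUP is the supported separator; the OWNER.GROUP form is deprecated.
    chown -R rootless:rootless /home/rootless

    # Delegate cgroup v2 controllers to rootless user via --systemd-cgroup
    # The drop-in applies to every user@.service instance, not only to the
    # rootless user, and Delegate=yes hands over all available controllers.
    mkdir -p /etc/systemd/system/user@.service.d
    cat > /etc/systemd/system/user@.service.d/delegate.conf << EOF
[Service]
# default: Delegate=pids memory
# NOTE: delegation of cpuset requires systemd >= 244 (Fedora >= 32, Ubuntu >= 20.04).
Delegate=yes
EOF
    systemctl daemon-reload
  SHELL
end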