On Thu, Mar 06, 2025 at 05:49:23PM +0800, Zorro Lang wrote:
> Currently we have 3 ways to run a test case in _run_seq():
>
> if [ -n "${HAVE_PRIVATENS}" ]; then
> ./tools/run_privatens "./$seq"
> ...
> elif [ -n "${HAVE_SYSTEMD_SCOPES}" ]; then
> systemd-run --quiet --unit "${unit}" --scope \
> ./tools/run_setsid "./$seq" &
> ...
> else
> ./tools/run_setsid "./$seq" &
> ...
> fi
>
> The "privatens" way brings in some regressions. We need more time
> to develop and test this way, it's not time let it to be the
> first default choice, so isolate the HAVE_PRIVATENS initialization
> by a TRY_PRIVATENS parameter, and disable it by default.
>
> Set TRY_PRIVATENS=yes to give "privatens" a try, otherwise run in
> old ways. This patch can be removed after "privatens" way is stable.
>
> Signed-off-by: Zorro Lang <zlang@xxxxxxxxxx>
> Reviewed-by: "Darrick J. Wong" <djwong@xxxxxxxxxx>
> ---
> check | 11 +++++++----
> 1 file changed, 7 insertions(+), 4 deletions(-)
>
> diff --git a/check b/check
> index ea92b0d62..cb2f19d08 100755
> --- a/check
> +++ b/check
> @@ -674,10 +674,13 @@ _stash_test_status() {
> esac
> }
>
> -# Can we run in a private pid/mount namespace?
> -HAVE_PRIVATENS=
> -./tools/run_privatens bash -c "exit 77"
> -test $? -eq 77 && HAVE_PRIVATENS=yes
> +# Don't try "privatens" by default, it's experimental for now.
> +if [ "$TRY_PRIVATENS" = "yes" ];then
> + # Can we run in a private pid/mount namespace?
> + HAVE_PRIVATENS=
> + ./tools/run_privatens bash -c "exit 77"
> + test $? -eq 77 && HAVE_PRIVATENS=yes
> +fi
Works for me - I have basically the same patch in my check-parallel
stack because this breaks check-parallel mount namespacing for
reasons I don't yet understand.
Creating a new mount namespace for each test that is run appears
to turn the private mount namespace that each check instance is
executed in back into a globally shared mount namespace inside
each individual test mount namespace.
i.e. when check uses private namespaces I can see all the mounts
from inside each test namespace from the init namespace and every
test can see every mount that every other test runs again.
That is the problem I originally used mount namespaces in
check-parallel to avoid.
I have no idea if this is how mount namespace nesting is actually
supposed to work (seems completely broken to me!), but the only
solution I've found that works so far is to turn off HAVE_PRIVATENS
in check as it is redundant when it is run from check-parallel.
FWIW, given that check-parallel now runs in it's own private PID
namespace with it's own /proc and /tmp, the original problem of
needing to "confine pkill to only the child processes of this test
instance" has gone away entirely. i.e. check-parallel does not need check to
to restrict pkill to children of the current test being run anymore.
Hence I think we can probably remove the new process isolation
shenanigans and revert the _pkill wrappers to plain pkill calls
again as the private PID namespacing the check-parallel does means
pkill does the right thing for both check and check-parallel now.
-Dave.
--
Dave Chinner
david@xxxxxxxxxxxxx
