From: Alper Nebi Yasak
To: u-boot@lists.denx.de
Cc: Daniel Schwierzeck, Simon Glass, Bin Meng, AKASHI Takahiro, Heinrich Schuchardt, Marek Vasut, Tom Rini, Alper Nebi Yasak
Subject: [PATCH v3 0/3] Fix CIs skipping filesystem, EFI secure boot and EFI capsule tests
Date: Mon, 21 Jun 2021 21:51:53 +0300
Message-Id: <20210621185156.9108-1-alpernebiyasak@gmail.com>

After my previous patch to fix filesystem tests [1] was merged, I noticed
the GitLab CI was still skipping them and wanted to figure out why.

In short: libguestfs tools (virt-make-fs, guestmount) fail because they
need an installed kernel and the host /dev/fuse device, loop mounts need
the host /dev/loop* devices, and mounting filesystems (loop and
guestmount) fails because Docker containers need extra permissions to
mount devices normally disabled for host security.

[1] https://patchwork.ozlabs.org/project/uboot/patch/20210520190947.21773-1-alpernebiyasak@gmail.com/

Patch #1 is meant to install a kernel into the container image that
libguestfs can use, but the image will need to be regenerated manually.

Patch #2 makes virt-make-fs work, which should make these EFI tests run
again. But guestmount doesn't work with this much because it needs more
permissions to actually mount a filesystem.

Patch #3 makes mounting filesystems and loop devices work, which should
make the filesystem tests run again. This is separate from patch #2
because the parts using guestmount can theoretically be rewritten to use
guestfish, which would make the filesystem tests work without this patch,
and giving mount permissions to the container processes seems to be
insecure. So, this patch can be dropped if you think the impact isn't
worth it.

Similar changes to patch #2, #3 should be applicable to the GitLab CI and
probably necessary to get the same effect, but I don't think its
configuration is accessible to me.

Changes in v3:
- Only set /boot/vmlinu* as readable.

v2: https://patchwork.ozlabs.org/project/uboot/list/?series=248583

Changes in v2:
- Always pass in /dev/fuse to Azure's docker run invocation.
- Drop patch to install kernel in CI scripts

v1: https://patchwork.ozlabs.org/project/uboot/list/?series=247294

Alper Nebi Yasak (3):
  tools: docker: Install a readable kernel for libguestfs-tools
  Azure: Add fuse device for test.py tests
  Azure: Add loop devices and CAP_SYS_ADMIN for sandbox test.py tests

 .azure-pipelines.yml    | 17 ++++++++++++++++-
 tools/docker/Dockerfile |  4 ++++
 2 files changed, 20 insertions(+), 1 deletion(-)

-- 
2.32.0
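
Added example, not part of the original message or the patch series: a preflight script that reports which of the prerequisites listed in the cover letter (a readable /boot/vmlinu*, /dev/fuse, /dev/loop*, CAP_SYS_ADMIN) are absent inside a container, so a skipped test can be traced to its cause and the mount capability is only granted where it is actually needed. The function names and argument layout are illustrative assumptions.

```shell
#!/bin/sh
# Added example (not from the patch series): report which of the container
# prerequisites named in the cover letter are missing. Names are illustrative.

# A kernel image readable by the current user, for libguestfs.
has_readable_kernel() {  # $1 = boot directory
    for k in "$1"/vmlinu*; do
        [ -f "$k" ] && [ -r "$k" ] && return 0
    done
    return 1
}

# A character device such as /dev/fuse, for guestmount.
has_char_device() { [ -c "$1" ]; }

# At least one loop block device, for loop mounts.
has_loop_device() {  # $1 = device directory
    for d in "$1"/loop[0-9]*; do
        [ -b "$d" ] && return 0
    done
    return 1
}

# CAP_SYS_ADMIN is capability number 21: test that bit of the CapEff mask.
has_cap_sys_admin() {  # $1 = a /proc/<pid>/status file
    mask=$(sed -n 's/^CapEff:[[:space:]]*//p' "$1" 2>/dev/null)
    [ -n "$mask" ] || return 1
    [ $(( (0x$mask >> 21) & 1 )) -eq 1 ]
}

# Print one line per missing prerequisite; return how many are missing.
preflight() {  # $1 = boot dir, $2 = dev dir, $3 = status file
    missing=0
    has_readable_kernel "$1" || { echo "missing: readable $1/vmlinu*"; missing=$((missing + 1)); }
    has_char_device "$2/fuse" || { echo "missing: $2/fuse"; missing=$((missing + 1)); }
    has_loop_device "$2" || { echo "missing: $2/loop*"; missing=$((missing + 1)); }
    has_cap_sys_admin "$3" || { echo "missing: CAP_SYS_ADMIN"; missing=$((missing + 1)); }
    return "$missing"
}

preflight /boot /dev /proc/self/status || true
```

Run inside the CI container before test.py; an empty report means all four prerequisites are present for the current process.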