Re: [Qemu-devel] [PATCH v2 2/5] tests/docker: add podman support

From: Paolo Bonzini <pbonzini@redhat.com>
To: "Marc-André Lureau" <marcandre.lureau@redhat.com>, debarshi@redhat.com
Cc: "Fam Zheng" <fam@euphon.net>,
	"P. Berrange, Daniel" <berrange@redhat.com>,
	"Alex Bennée" <alex.bennee@linaro.org>,
	qemu-devel <qemu-devel@nongnu.org>,
	"Gerd Hoffmann" <kraxel@redhat.com>,
	"Debarshi Ray" <rishi@redhat.com>,
	"Philippe Mathieu-Daudé" <philmd@redhat.com>
Subject: Re: [Qemu-devel] [PATCH v2 2/5] tests/docker: add podman support
Date: Wed, 10 Jul 2019 11:44:28 +0200	[thread overview]
Message-ID: <d8e76f7d-a96f-3ed4-4c6e-d9ad48b5490e@redhat.com> (raw)
In-Reply-To: <CAMxuvay5jPM6AnsZtLYvVB+nb4nopGnRP=BWxUctA1aZNaMdog@mail.gmail.com>

On 10/07/19 10:39, Marc-André Lureau wrote:
>> Why not do this in docker.py (either as part of patch 1 or separately)?
>>  Also, can you document in a comment why this is not needed with docker?
>
> Doing it in docker.py would probably mean parsing and tweaking
> arguments given to Docker.run(). Since it's a "temporary" work around,
> I would rather have it at the top-level caller, in the Makefile.

On the other hand that splits the choice of docker vs. podman in two 
places, and Python is a better place to implement workarounds.

It's not hard to move the workaround there.  The "-u $(shell id -u)" 
option could be replaced by a "--run-as-current-user" option parsed by 
RunCommand, not unlike --add-current-user that BuildCommand already 
supports.

Something like this (untested of course :)):

diff --git a/tests/docker/Makefile.include b/tests/docker/Makefile.include
index aaf5396b85..019191f1a1 100644
--- a/tests/docker/Makefile.include
+++ b/tests/docker/Makefile.include
@@ -212,7 +212,7 @@ docker-run: docker-qemu-src
 			"  COPYING $(EXECUTABLE) to $(IMAGE)"))
 	$(call quiet-command,						\
 		$(DOCKER_SCRIPT) run 					\
-			$(if $(NOUSER),,-u $(shell id -u)) 		\
+			$(if $(NOUSER),,--run-as-current-user) 		\
 			--security-opt seccomp=unconfined		\
 			$(if $V,,--rm) 					\
 			$(if $(DEBUG),-ti,)				\
diff --git a/tests/docker/docker.py b/tests/docker/docker.py
index 53a8c9c801..92c02aeed8 100755
--- a/tests/docker/docker.py
+++ b/tests/docker/docker.py
@@ -333,8 +333,12 @@ class RunCommand(SubCommand):
     def args(self, parser):
         parser.add_argument("--keep", action="store_true",
                             help="Don't remove image when command completes")
+        parser.add_argument("--run-as-current-user", action="store_true",
+                            help="Run container using the current user's uid")
 
     def run(self, args, argv):
+        if args.use_current_user:
+            argv = [ "-u", str(os.getuid()) ] + argv
         return Docker().run(argv, args.keep, quiet=args.quiet)
 
 

Paolo

> I am not very familiar with podman or docker, so I am not able to tell
> you why docker does work by default.  @Debarshi Ray might know, as he
> helped me finding a workaround.


