Skip to content

Add a simple test for the newly introduced read-only virtiofs#638

Merged
slp merged 3 commits intocontainers:mainfrom
mtjhrc:test-ro-root
Apr 21, 2026
Merged

Add a simple test for the newly introduced read-only virtiofs#638
slp merged 3 commits intocontainers:mainfrom
mtjhrc:test-ro-root

Conversation

@mtjhrc
Copy link
Copy Markdown
Collaborator

@mtjhrc mtjhrc commented Apr 16, 2026

This PR adds a smoke test that asserts basic mutation operations fail on a read-only virtiofs root. Note, that this is not exhaustive and for a security sensitive test it would also be better to bypass the guest kernel and execute the virtiofs commands directly.

@mtjhrc mtjhrc added the 1.x label Apr 16, 2026
@mtjhrc mtjhrc force-pushed the test-ro-root branch 2 times, most recently from d4a574c to 2cf3c8b Compare April 17, 2026 11:10
mtjhrc added 2 commits April 17, 2026 14:26
@mtjhrc
tests: skip guest unit tests on non-Linux hosts
a220801 
Guest code may use Linux-only libc calls that won't compile with
other toolchains.

Signed-off-by: Matej Hrica <mhrica@redhat.com>
@mtjhrc
tests: extract setup_rootfs() from setup_fs_and_enter()
396d1a6 
Allow tests that need custom root configuration (e.g. read-only mounts
via krun_add_virtiofs3) to reuse rootfs directory creation and
guest-agent copying without being forced into krun_set_root +
krun_start_enter.

Signed-off-by: Matej Hrica <mhrica@redhat.com>
@slp
Copy link
Copy Markdown
Collaborator

slp commented Apr 20, 2026

/gemini review

gemini-code-assist[bot]
gemini-code-assist Bot reviewed Apr 20, 2026
View reviewed changes
Copy link
Copy Markdown

@gemini-code-assist gemini-code-assist Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces a new smoke test, virtiofs-root-ro, to verify that mutation operations fail on a read-only virtiofs root. It also refactors the test setup logic to allow manual root filesystem configuration and restricts unit tests to Linux environments. Feedback suggests replacing an unreachable!() macro with a successful return to handle normal VM shutdown and using the nix crate's safe wrappers for extended attribute operations to improve code safety.

Comment thread tests/test_cases/src/test_virtiofs_root_ro.rs Outdated
Comment thread tests/test_cases/src/test_virtiofs_root_ro.rs
@mtjhrc
tests: add virtiofs-root-ro test
ccebf0d 
Verify that krun_add_virtiofs3 with KRUN_FS_ROOT_TAG and read_only=true
correctly exposes the root filesystem as read-only to the guest.

Signed-off-by: Matej Hrica <mhrica@redhat.com>
@slp
Copy link
Copy Markdown
Collaborator

slp commented Apr 21, 2026

LGTM, thanks!

@slp slp merged commit ab8946a into containers:main Apr 21, 2026
11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@slp slp slp approved these changes

@dorindabassey dorindabassey Awaiting requested review from dorindabassey dorindabassey is a code owner

@jakecorrenti jakecorrenti Awaiting requested review from jakecorrenti jakecorrenti is a code owner

@MatiasVara MatiasVara Awaiting requested review from MatiasVara MatiasVara is a code owner

@tylerfanelli tylerfanelli Awaiting requested review from tylerfanelli tylerfanelli is a code owner

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

1.x

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mtjhrc @slp