Author: eelco
Date: Tue Aug 9 14:07:44 2011
New Revision: 28429
URL: https://svn.nixos.org/websvn/nix/?rev=28429&sc=1
Log:
* For security, don't mount the entire host filesystem.
Modified:
nixos/trunk/lib/test-driver/Machine.pm
nixos/trunk/lib/test-driver/test-driver.pl
nixos/trunk/lib/testing.nix
nixos/trunk/modules/services/web-servers/apache-httpd/default.nix
nixos/trunk/modules/testing/test-instrumentation.nix
nixos/trunk/modules/virtualisation/qemu-vm.nix
Modified: nixos/trunk/lib/test-driver/Machine.pm
==============================================================================
--- nixos/trunk/lib/test-driver/Machine.pm Tue Aug 9 14:06:04 2011
(r28428)
+++ nixos/trunk/lib/test-driver/Machine.pm Tue Aug 9 14:07:44 2011
(r28429)
@@ -127,7 +127,6 @@
"-no-reboot -monitor unix:./monitor -chardev
socket,id=shell,path=./shell " .
"-device virtio-serial -device virtconsole,chardev=shell " .
($showGraphics ? "-serial stdio" : "-nographic") . " " .
($ENV{QEMU_OPTS} || "");
- $ENV{QEMU_KERNEL_PARAMS} = "hostTmpDir=$ENV{TMPDIR}";
chdir $self->{stateDir} or die;
exec $self->{startCommand};
die "running VM script: $!";
Modified: nixos/trunk/lib/test-driver/test-driver.pl
==============================================================================
--- nixos/trunk/lib/test-driver/test-driver.pl Tue Aug 9 14:06:04 2011
(r28428)
+++ nixos/trunk/lib/test-driver/test-driver.pl Tue Aug 9 14:07:44 2011
(r28429)
@@ -129,7 +129,7 @@
# sources.
my $kernelDir = $vm->mustSucceed("echo \$(dirname \$(readlink -f
/var/run/current-system/kernel))/.build/linux-*");
chomp $kernelDir;
- my $coverageDir = "/hostfs" . $vm->stateDir() .
"/coverage-data/$kernelDir";
+ my $coverageDir = "/tmp/xchg/coverage-data/$kernelDir";
# Copy all the *.gcda files.
$vm->execute("for d in $gcovDir/nix/store/*/.build/linux-*; do for
i in \$(cd \$d && find -name '*.gcda'); do echo \$i; mkdir -p
$coverageDir/\$(dirname \$i); cp -v \$d/\$i $coverageDir/\$i; done; done");
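Review bot: The new `$coverageDir` on the `+` line is interpolated unquoted into the shell command two lines below, and its `$kernelDir` component is glob-derived output echoed back from the guest, so a `.build/linux-*` pattern that matches nothing (echo then prints the literal pattern) or more than one directory yields a wrong or word-split `mkdir -p`/`cp`; the old `/hostfs` path had the same weakness, but moving to the exchange share is a good moment to quote the paths (`"$coverageDir/\$(dirname \$i)"` and `"$coverageDir/\$i"`) or to check that `$kernelDir` names a single existing directory before copying. The path also deserves a comment, since nothing in this file says what `/tmp/xchg` is: `# /tmp/xchg is the host-shared exchange directory (CIFS mount of the VM state dir's xchg/, declared in qemu-vm.nix); it replaces the former /hostfs mount.` The return value of `$vm->execute` is still not checked, so a failed copy goes unnoticed.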
Modified: nixos/trunk/lib/testing.nix
==============================================================================
--- nixos/trunk/lib/testing.nix Tue Aug 9 14:06:04 2011 (r28428)
+++ nixos/trunk/lib/testing.nix Tue Aug 9 14:07:44 2011 (r28429)
@@ -59,9 +59,9 @@
touch $out/nix-support/hydra-build-products
echo "report testlog $out log.html" >>
$out/nix-support/hydra-build-products
- for i in */coverage-data; do
+ for i in */xchg/coverage-data; do
mkdir -p $out/coverage-data
- mv $i $out/coverage-data/$(dirname $i)
+ mv $i $out/coverage-data/$(dirname $(dirname $i))
done
[ -z "$failed" ] || touch $out/nix-support/failed
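Review bot: The new `for i in */xchg/coverage-data` loop has no guard for the no-match case: unless nullglob is enabled somewhere not visible here, an absent coverage directory leaves `$i` as the literal pattern and the `mv` fails (or, under `set -e`, aborts the report step after the tests have already run). A `[ -d "$i" ] || continue` as the first statement of the loop body makes the copy skip cleanly, and quoting `"$i"` in the `mv` keeps state-dir names with spaces from splitting. The `$(dirname $(dirname $i))` form is correct for the deeper path but worth a trailing comment, e.g. `# vm-state-<name>/xchg/coverage-data -> vm-state-<name>`.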
@@ -193,13 +193,14 @@
testscript = ''
startAll;
${preBuild}
- $client->succeed("env -i ${pkgs.bash}/bin/bash ${buildrunner}
/hostfs".$client->stateDir."/saved-env >&2");
+ $client->succeed("env -i ${pkgs.bash}/bin/bash ${buildrunner}
/tmp/xchg/saved-env >&2");
${postBuild}
'';
vmRunCommand = writeText "vm-run" ''
- ${coreutils}/bin/mkdir -p vm-state-client
- export > vm-state-client/saved-env
+ ${coreutils}/bin/mkdir $out
+ ${coreutils}/bin/mkdir -p vm-state-client/xchg
+ export > vm-state-client/xchg/saved-env
export tests='${testscript}'
${testDriver}/bin/nixos-test-driver
${vm.config.system.build.vm}/bin/run-*-vm
''; # */
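Review bot: The added `${coreutils}/bin/mkdir $out` in vmRunCommand has no comment saying why the output path has to exist on the host before the VM starts, and it is unrelated to the saved-env relocation the rest of the hunk makes. If I read the rest of this commit right, the in-VM build now reaches `$out` through the CIFS `/nix/store` share instead of `/hostfs`, so the host must create the directory the guest fills; a note such as `# $out is written by the guest through the /nix/store share, so create it on the host first` would spare the next reader that reconstruction. Note also that `export > vm-state-client/xchg/saved-env` hands the complete host build environment to the guest through a share the guest mounts without permission checks; that was already the case via /hostfs, but it is worth stating that saved-env is written by the host and only read by the guest.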
Modified: nixos/trunk/modules/services/web-servers/apache-httpd/default.nix
==============================================================================
--- nixos/trunk/modules/services/web-servers/apache-httpd/default.nix Tue Aug
9 14:06:04 2011 (r28428)
+++ nixos/trunk/modules/services/web-servers/apache-httpd/default.nix Tue Aug
9 14:07:44 2011 (r28429)
@@ -558,22 +558,17 @@
startOn = "started ${startingDependency} and filesystem";
environment =
- { # !!! This should be added in test-instrumentation.nix. It
- # shouldn't hurt though, since packages usually aren't built
- # with coverage enabled.
- GCOV_PREFIX = "/tmp/coverage-data";
+ { PATH = concatStringsSep ":" (
+ [ "${pkgs.coreutils}/bin" "${pkgs.gnugrep}/bin" ]
+ ++ # Needed for PHP's mail() function. !!! Probably the
+ # ssmtp module should export the path to sendmail in
+ # some way.
+ optional config.networking.defaultMailServer.directDelivery
"${pkgs.ssmtp}/sbin"
+ ++ (concatMap (svc: svc.extraServerPath) allSubservices) );
- PATH = concatStringsSep ":" (
- [ "${pkgs.coreutils}/bin" "${pkgs.gnugrep}/bin" ]
- ++ # Needed for PHP's mail() function. !!! Probably the
- # ssmtp module should export the path to sendmail in
- # some way.
- optional config.networking.defaultMailServer.directDelivery
"${pkgs.ssmtp}/sbin"
- ++ (concatMap (svc: svc.extraServerPath) allSubservices) );
+ PHPRC = if enablePHP then phpIni else "";
- PHPRC = if enablePHP then phpIni else "";
-
- TZ = config.time.timeZone;
+ TZ = config.time.timeZone;
} // (listToAttrs (concatMap (svc: svc.globalEnvVars)
allSubservices));
Modified: nixos/trunk/modules/testing/test-instrumentation.nix
==============================================================================
--- nixos/trunk/modules/testing/test-instrumentation.nix Tue Aug 9
14:06:04 2011 (r28428)
+++ nixos/trunk/modules/testing/test-instrumentation.nix Tue Aug 9
14:07:44 2011 (r28429)
@@ -64,13 +64,8 @@
# to failures that are hard to diagnose.
echo 2 > /proc/sys/vm/panic_on_oom
- # Coverage data is written into /tmp/coverage-data. Symlink
- # it to the host filesystem so that we don't need to copy it
- # on shutdown.
- ( eval $(cat /proc/cmdline)
- mkdir -p /hostfs/$hostTmpDir/coverage-data
- ln -sfn /hostfs/$hostTmpDir/coverage-data /tmp/coverage-data
- )
+ # Coverage data is written into /tmp/coverage-data.
+ mkdir -p /tmp/xchg/coverage-data
# Mount debugfs to gain access to the kernel coverage data (if
# available).
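Review bot: The rewritten comment on the `+` line still says coverage data is written into `/tmp/coverage-data`, while the directory created on the next line (and the GCOV_PREFIX set later in this commit) is `/tmp/xchg/coverage-data`, so the comment is stale in the very change that introduced it. Suggested wording: `# Coverage data is written into /tmp/xchg/coverage-data; /tmp/xchg is the host-shared exchange mount declared in qemu-vm.nix, so the files are visible on the host without copying them out.` Since that mount is `neededForBoot`, a missing share fails the boot rather than silently landing the data on the root disk, which is worth a word as well. The enclosing activation script starts before this hunk.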
@@ -103,7 +98,7 @@
networking.defaultGateway = mkOverride 150 "";
networking.nameservers = mkOverride 150 [ ];
- system.upstartEnvironment.GCOV_PREFIX = "/tmp/coverage-data";
+ system.upstartEnvironment.GCOV_PREFIX = "/tmp/xchg/coverage-data";
};
Modified: nixos/trunk/modules/virtualisation/qemu-vm.nix
==============================================================================
--- nixos/trunk/modules/virtualisation/qemu-vm.nix Tue Aug 9 14:06:04
2011 (r28428)
+++ nixos/trunk/modules/virtualisation/qemu-vm.nix Tue Aug 9 14:07:44
2011 (r28429)
@@ -153,6 +153,7 @@
TMPDIR=$(mktemp -d nix-vm-smbd.XXXXXXXXXX --tmpdir)
fi
cd $TMPDIR
+ mkdir -p $TMPDIR/xchg
${pkgs.vmTools.startSamba}
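Review bot: The new `mkdir -p $TMPDIR/xchg` creates the directory the samba share exports, but nothing says so, nor that this is now the only host location the guest is meant to write into; a comment tying it to the mount declared further down would help: `# xchg/ is exported to the guest and mounted there as /tmp/xchg; it is the host<->guest exchange directory that replaces the old whole-filesystem /hostfs share.` Quoting `"$TMPDIR"` would also be prudent, since the `mktemp ... --tmpdir` fallback just above may produce a path under an arbitrary user-supplied TMPDIR. Whether `startSamba` actually exports `xchg` (and whether read-write) is not visible in this diff and should be confirmed on the pkgs.vmTools side.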
@@ -310,16 +311,16 @@
[ { mountPoint = "/";
device = "/dev/vda";
}
- { mountPoint = "/hostfs";
- device = "//10.0.2.4/qemu";
+ { mountPoint = "/nix/store";
+ device = "//10.0.2.4/store";
fsType = "cifs";
options = "guest,sec=none,noperm,noacl";
neededForBoot = true;
}
- { mountPoint = "/nix/store";
- device = "/hostfs/nix/store";
- fsType = "none";
- options = "bind";
+ { mountPoint = "/tmp/xchg";
+ device = "//10.0.2.4/xchg";
+ fsType = "cifs";
+ options = "guest,sec=none,noperm,noacl";
neededForBoot = true;
}
] ++ optional cfg.useBootLoader
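Review bot: The new `/nix/store` entry (`device = "//10.0.2.4/store"`) carries the same `guest,sec=none,noperm,noacl` options as the writable exchange share, so on the guest side nothing distinguishes the store, which should be immutable, from `/tmp/xchg`; adding `ro` to the store's options would enforce that regardless of how the samba side is configured. If the store must stay writable because the in-VM build in lib/testing.nix writes `$out` through it, that constraint should be stated in a comment next to the entry so nobody tightens it later and breaks the build. `noperm` on `/tmp/xchg` also means every guest user can write into the host's exchange directory, which is acceptable for a test VM but deserves a one-line comment.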