diff mbox series

[10/28] check-parallel: use PID namespaces for runner process isolation

Message ID 20250417031208.1852171-11-david@fromorbit.com (mailing list archive)
State New
Headers show
Series check-parallel: Running tests without check | expand

Commit Message

Dave Chinner April 17, 2025, 3 a.m. UTC 
From: Dave Chinner <dchinner@redhat.com>

This provides isolation between individual runners so that they
cannot see the processes that other test runners have created.
This means tools like pkill will only find processes run by the test
that is calling it, hence there is no danger that it might kill
processes owned by a different test in a different runner context.

This means we need to turn of private pid/mount namespaces inside
check itself - nesting private namespaces causes all sorts of weird
TEST_DIR mount issues with SELinux disallowing TEST_DIR mounts.

Note that this also regresses generic/504 for check-parallel,
because it triggers looking at the init namespace from
FSTESTS_ISOL=privatens and this variable is not exported to test
subprocesses anymore.

Signed-off-by: Dave Chinner <dchinner@redhat.com>
---
 check-parallel | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff mbox series

Patch

diff --git a/check-parallel b/check-parallel
index 19f2d2b0c..aa88c681e 100755
--- a/check-parallel
+++ b/check-parallel
@@ -267,14 +267,18 @@  runner_go()
 	rm -f $RESULT_BASE/check.*
 
 	# Only supports default mkfs parameters right now
-	wipefs -a $TEST_DEV > /dev/null 2>&1
-	yes | mkfs -t $FSTYP $TEST_MKFS_OPTS $TEST_DEV > /dev/null 2>&1
+	wipefs -a $TEST_DEV > $me/log 2>&1
+	yes | mkfs -t $FSTYP $TEST_MKFS_OPTS $TEST_DEV >> $me/log 2>&1
 
 #	export DUMP_CORRUPT_FS=1
 
 	# Run the tests in it's own mount namespace, as per the comment below
 	# that precedes making the basedir a private mount.
-	./src/nsexec -m ./check $run_section -x unreliable_in_parallel --exact-order ${runner_list[$id]} > $me/log 2>&1
+	#
+	# Similarly, we need to run check in it's own PID namespace so that
+	# operations like pkill only affect the runner instance, not globally
+	# kill processes from other check instances.
+	tools/run_privatens ./check $run_section -x unreliable_in_parallel --exact-order ${runner_list[$id]} >> $me/log 2>&1
 
 	wait
 	sleep 1