diff options
| author | Markus Pettersson <markus.pettersson@mullvad.net> | 2025-10-06 17:37:19 +0200 |
|---|---|---|
| committer | Markus Pettersson <markus.pettersson@mullvad.net> | 2025-11-03 09:57:35 +0100 |
| commit | feecc77ce9386c694ec7473d6b09485d068f14e1 (patch) | |
| tree | 72292fdf8f24848a5710e97e6e4e3feb7757b4bc | |
| parent | d612fa4b927f3d4068c2a1c99cd467f10ddbf861 (diff) | |
| download | mullvadvpn-feecc77ce9386c694ec7473d6b09485d068f14e1.tar.xz mullvadvpn-feecc77ce9386c694ec7473d6b09485d068f14e1.zip | |
Fix invocation of `sysctl`, `nft` & `dnsmasq` in test-manager
Run them by absolute path instead. Non-root users does not have `sbin`
in path on Debian.
| -rw-r--r-- | test/README.md | 5 | ||||
| -rw-r--r-- | test/test-manager/src/vm/network/linux.rs | 35 |
2 files changed, 19 insertions, 21 deletions
diff --git a/test/README.md b/test/README.md index 955dbe68fc..fea575425f 100644 --- a/test/README.md +++ b/test/README.md @@ -65,9 +65,12 @@ dnf install git gcc protobuf-devel libpcap-devel qemu \ #### Debian / Ubuntu ```bash -apt install qemu-utils qemu-system-x86 libpcap-dev slirp4netns rootlesskit dnsmasq +apt install qemu-utils qemu-system-x86 libpcap-dev slirp4netns rootlesskit dnsmasq nftables ``` +##### Note for Debian +By default `sysctl` is only invokable by root. + ## Setting up testing environment First you need to build the images for running tests on, see [`BUILD_OS_IMAGE.md`](./docs/BUILD_OS_IMAGE.md). The `test-manager` then needs to be configured to use the image. diff --git a/test/test-manager/src/vm/network/linux.rs b/test/test-manager/src/vm/network/linux.rs index b6df187dcc..d6f12df6b0 100644 --- a/test/test-manager/src/vm/network/linux.rs +++ b/test/test-manager/src/vm/network/linux.rs @@ -219,7 +219,8 @@ impl NetworkHandle { /// dnsmasq will serve IPv4 addresses within the range [TEST_SUBNET_IPV4_DHCP] using regular DHCP. /// It will also advertise SLAAC for IPv6 within [TEST_SUBNET_IPV6]. async fn start_dnsmasq() -> Result<DhcpProcHandle> { - let mut cmd = Command::new("dnsmasq"); + let dnsmasq = "/usr/sbin/dnsmasq"; + let mut cmd = Command::new(dnsmasq); cmd.kill_on_drop(true); cmd.stdout(Stdio::piped()); @@ -350,11 +351,9 @@ where } pub async fn run_nft(input: &str) -> Result<()> { - let mut cmd = Command::new("nft"); - cmd.args(["-f", "-"]); - - cmd.stdin(Stdio::piped()); - + let nft = "/usr/sbin/nft"; + let mut cmd = Command::new(nft); + cmd.args(["-f", "-"]).stdin(Stdio::piped()); let mut child = cmd.spawn().map_err(Error::NftStart)?; let mut stdin = child.stdin.take().unwrap(); @@ -373,19 +372,15 @@ pub async fn run_nft(input: &str) -> Result<()> { } async fn enable_forwarding() -> Result<()> { - let mut cmd = Command::new("sysctl"); - cmd.arg("net.ipv4.ip_forward=1"); - let output = cmd.output().await.map_err(Error::SysctlStart)?; - if !output.status.success() { - return Err(Error::SysctlFailed(output.status.code().unwrap())); - } - - let mut cmd = Command::new("sysctl"); - cmd.arg("net.ipv6.conf.all.forwarding=1"); - let output = cmd.output().await.map_err(Error::SysctlStart)?; - if !output.status.success() { - return Err(Error::SysctlFailed(output.status.code().unwrap())); - } - + let sysctl = "/usr/sbin/sysctl"; + let run = async |cmd: &mut Command| { + let exit_status = cmd.output().await.map_err(Error::SysctlStart)?.status; + match exit_status.success() { + true => Ok(()), + false => Err(Error::SysctlFailed(exit_status.code().unwrap())), + } + }; + run(Command::new(sysctl).arg("net.ipv4.ip_forward=1")).await?; + run(Command::new(sysctl).arg("net.ipv6.conf.all.forwarding=1")).await?; Ok(()) } |