On Fri, 2024-02-16 at 15:06 -0300, Antonio Terceiro wrote:
> On Fri, Feb 16, 2024 at 06:32:39PM +0100, Sven Geuer wrote:
> > Hi Paul and Aniol,
> >
> > I encountered the same issue while working on autopkgtests for the vpnc
> > package. Error message on salsa.d.o [1] is
> >
> > vpnc-connect: can't open /dev/net/tun, check that it is either device
> > char 10 200 or (with DevFS) a symlink to ../misc/net/tun (not
> > misc/net/tun): Operation not permitted
> >
> > The same error showed up running tests with my local debci/lxc
> > installation.
> >
> > After some research on the net I could fix the issue locally by adding
> >
> > lxc.cgroup2.devices.allow = c 10:200 rw
> >
> > to the lxc container's config file
> > /var/lib/lxc/autopkgtest-unstable-amd64/config.
> >
> > Now I wonder how to address the issue properly:
> > - Raise a bug against lxc-templates?
> > - Raise a bug against debci?
> > - Bring up the topic to the Salsa CI Team?
> >
> > Let me know how to proceed.
>
> None of these. Enabling access to arbitrary devices from containers is a
> source of security issues and we won't do it.
>
> You need to mark the test as requiring machine-level isolation¹, so it
> only runs on virtual machines. We do, however, have QEMU support where
> your test can freely interact with the kernel.
>
> ¹ Restrictions: isolation-machine

Tests with "Restrictions: isolation-machine" won't be executed on
salsa.d.o or ci.d.n, both installations support only
isolation-container.

I am looking for a way to get my tests executed at least on ci.d.n. How
can this be achieved?

-- 
GPG Fingerprint
3DF5 E8AA 43FC 9FDF D086 F195 ADF5 0EDA F8AD D585
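
An added example, not part of either message and not debci or LXC code: a Python check that lists the device grants in an LXC container config that fall outside a baseline, such as the `c 10:200 rw` rule discussed above. The baseline set, the function names and the sample config are assumptions constructed for illustration.

```python
import re

# Keys that grant device access: the cgroup v2 key from the thread, plus the cgroup v1 spelling.
ALLOW_KEY = re.compile(r"^lxc\.cgroup2?\.devices\.allow$")
RULE = re.compile(r"^([abc])(?:\s+(\*|\d+):(\*|\d+)(?:\s+([rwm]{1,3}))?)?$")

# Assumed baseline for this example only: /dev/null, /dev/zero, /dev/urandom.
BASELINE = {("c", "1", "3"), ("c", "1", "5"), ("c", "1", "9")}

def device_allow_rules(config_text):
    """Return (line_no, type, major, minor, access) for every devices.allow line."""
    rules = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if not ALLOW_KEY.match(key):
            continue
        m = RULE.match(value)
        if m is None:
            # Unparseable grant: report it rather than silently ignoring it.
            rules.append((line_no, "?", "?", "?", value))
            continue
        dev_type, major, minor, access = m.groups()
        # A bare "a" (or missing fields) means every device with full access.
        rules.append((line_no, dev_type, major or "*", minor or "*", access or "rwm"))
    return rules

def outside_baseline(config_text, baseline=BASELINE):
    """Rules for devices not in the baseline; wildcard rules are always reported."""
    return [r for r in device_allow_rules(config_text) if (r[1], r[2], r[3]) not in baseline]

# Constructed sample config; only the last rule is taken from the thread.
SAMPLE = """\
# constructed example
lxc.uts.name = autopkgtest-unstable-amd64
lxc.cgroup2.devices.deny = a
lxc.cgroup2.devices.allow = c 1:3 rwm
lxc.cgroup2.devices.allow = c 1:5 rwm
lxc.cgroup2.devices.allow = c *:* m
lxc.cgroup2.devices.allow = c 10:200 rw
"""

if __name__ == "__main__":
    for line_no, dev_type, major, minor, access in outside_baseline(SAMPLE):
        print(f"line {line_no}: {dev_type} {major}:{minor} {access}")
```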