Merge pull request #351 from Luap99/debian-tmpfs

debian: use tmpfs on /tmp + bump /tmp size on fedora
containers · May 13, 2024 · b7395d1 · b7395d1
2 parents 560a8f5 + 09161bf
commit b7395d1
Show file tree

Hide file tree

Showing 4 changed files with 51 additions and 6 deletions.
diff --git a/IMG_SFX b/IMG_SFX
@@ -1 +1 @@
-20240506t132946z-f40f39d13
+20240513t140131z-f40f39d13
diff --git a/cache_images/debian_packaging.sh b/cache_images/debian_packaging.sh
@@ -119,19 +119,36 @@ INSTALL_PACKAGES=(\
 msg "Installing general build/testing dependencies"
 bigto $SUDO apt-get -q -y install "${INSTALL_PACKAGES[@]}"
 
-# 2024-05-01 Debian pasta package has a broken apparmor profile
-# ref: https://github.com/containers/automation_images/pull/349#issuecomment-2090494124
-timebomb 20240630 "Workaround for pasta apparmor blocking use of /var/tmp"
+# 2024-05-01 Debian pasta package has a broken apparmor profile for our test
+# ref: https://github.com/containers/podman/issues/22625
+timebomb 20240630 "Workaround for pasta apparmor blocking use of /tmp"
 $SUDO tee /etc/apparmor.d/usr.bin.pasta <<EOF
+# SPDX-License-Identifier: GPL-2.0-or-later
+#
+# PASST - Plug A Simple Socket Transport
+#  for qemu/UNIX domain socket mode
+#
+# PASTA - Pack A Subtle Tap Abstraction
+#  for network namespace/tap device mode
+#
+# contrib/apparmor/usr.bin.pasta - AppArmor profile for pasta(1)
+#
+# Copyright (c) 2022 Red Hat GmbH
+# Author: Stefano Brivio <sbrivio@redhat.com>
+
 abi <abi/3.0>,
 
 include <tunables/global>
 
 profile pasta /usr/bin/pasta{,.avx2} flags=(attach_disconnected) {
   include <abstractions/pasta>
-  include <abstractions/user-tmp>
 
-  owner @{HOME}/**      w,  # pcap(), write_pidfile()
+  # Alternatively: include <abstractions/user-tmp>
+  /tmp/**                         rw,      # tap_sock_unix_init(), pcap(),
+                                                # write_pidfile(),
+                                                # logfile_init()
+
+  owner @{HOME}/**                      w,      # pcap(), write_pidfile()
 }
 EOF
 

diff --git a/cache_images/debian_setup.sh b/cache_images/debian_setup.sh
@@ -21,6 +21,28 @@ source "$REPO_DIRPATH/lib.sh"
 $SUDO sed -i '/en_US.UTF-8/s/^#//g' /etc/locale.gen
 $SUDO locale-gen
 
+# Debian doesn't mount tmpfs on /tmp as default but we want this to speed tests up so
+# they don't have to write to persistent disk.
+# https://github.com/containers/podman/pull/22533
+$SUDO mkdir -p /etc/systemd/system/local-fs.target.wants/
+cat <<EOF | $SUDO tee /etc/systemd/system/tmp.mount
+[Unit]
+Description=Temporary Directory /tmp
+ConditionPathIsSymbolicLink=!/tmp
+DefaultDependencies=no
+Conflicts=umount.target
+Before=local-fs.target umount.target
+After=swap.target
+
+[Mount]
+What=tmpfs
+Where=/tmp
+Type=tmpfs
+Options=size=75%%,mode=1777
+EOF
+# enable the unit by default
+$SUDO ln -s ../tmp.mount /etc/systemd/system/local-fs.target.wants/tmp.mount
+
 req_env_vars PACKER_BUILD_NAME
 
 bash $SCRIPT_DIRPATH/debian_packaging.sh

diff --git a/cache_images/fedora_setup.sh b/cache_images/fedora_setup.sh
@@ -17,6 +17,12 @@ fi
 # shellcheck source=./lib.sh
 source "$REPO_DIRPATH/lib.sh"
 
+# Make /tmp tmpfs bigger, by default we only get 50%. Bump it to 75% so the tests have more storage.
+# Do not use 100% so we do not run out of memory for the process itself if tests start leaking big
+# files on /tmp.
+$SUDO mkdir -p /etc/systemd/system/tmp.mount.d
+echo -e "[Mount]\nOptions=size=75%%,mode=1777\n" | $SUDO tee /etc/systemd/system/tmp.mount.d/override.conf
+
 # packer and/or a --build-arg define this envar value uniformly
 # for both VM and container image build workflows.
 req_env_vars PACKER_BUILD_NAME