| author | Kira Bruneau <kira.bruneau@pm.me> | 2024-03-20 14:22:44 -0400 |
|---|---|---|
| committer | github-actions[bot] <github-actions[bot]@users.noreply.github.com> | 2024-04-06 22:08:15 +0000 |
| commit | 440aaef7d871a2e3d5ddaf3ce1307cfbffda9529 (patch) | |
| tree | 5fe2274633fc8645702631917abaa296020e0ae5 | |
| parent | Merge pull request #301347 from NixOS/backport-301297-to-release-23.11 (diff) | |
| download | nixpkgs-origin/backport-297517-to-release-23.11.tar.gz | |
nixos/nixos-containers: require mounts for bind mount host pathsorigin/backport-297517-to-release-23.11
Fixes starting containers before bind mount host paths are mounted
(cherry picked from commit 7f3643bef645d0c64317fe8c7c34a2ee74a04022)
| -rw-r--r-- | nixos/modules/virtualisation/nixos-containers.nix | 5 | ||||
| -rw-r--r-- | nixos/tests/all-tests.nix | 1 | ||||
| -rw-r--r-- | nixos/tests/containers-require-bind-mounts.nix | 35 |
3 files changed, 40 insertions, 1 deletions
diff --git a/nixos/modules/virtualisation/nixos-containers.nix b/nixos/modules/virtualisation/nixos-containers.nix
index d4fa707b2dd5..8db578353c6f 100644
--- a/nixos/modules/virtualisation/nixos-containers.nix
+++ b/nixos/modules/virtualisation/nixos-containers.nix
@@ -828,7 +828,10 @@ in
 script = startScript containerConfig;
 postStart = postStartScript containerConfig;
 serviceConfig = serviceDirectives containerConfig;
- unitConfig.RequiresMountsFor = lib.optional (!containerConfig.ephemeral) "${stateDirectory}/%i";
+ unitConfig.RequiresMountsFor = lib.optional (!containerConfig.ephemeral) "${stateDirectory}/%i"
+ ++ builtins.map
+ (d: if d.hostPath != null then d.hostPath else d.mountPoint)
+ (builtins.attrValues cfg.bindMounts);
 environment.root = if containerConfig.ephemeral then "/run/nixos-containers/%i" else "${stateDirectory}/%i";
 } // (
 optionalAttrs containerConfig.autoStart
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index cdde035e071a..e0a66ef89898 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -212,6 +212,7 @@ in {
 containers-physical_interfaces = handleTest ./containers-physical_interfaces.nix {};
 containers-portforward = handleTest ./containers-portforward.nix {};
 containers-reloadable = handleTest ./containers-reloadable.nix {};
+ containers-require-bind-mounts = handleTest ./containers-require-bind-mounts.nix {};
 containers-restart_networking = handleTest ./containers-restart_networking.nix {};
 containers-tmpfs = handleTest ./containers-tmpfs.nix {};
 containers-unified-hierarchy = handleTest ./containers-unified-hierarchy.nix {};
diff --git a/nixos/tests/containers-require-bind-mounts.nix b/nixos/tests/containers-require-bind-mounts.nix
new file mode 100644
index 000000000000..5f986fd3e280
--- /dev/null
+++ b/nixos/tests/containers-require-bind-mounts.nix
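Review bot: In the nixos-containers.nix hunk, the paths taken from `cfg.bindMounts` are written into `RequiresMountsFor` verbatim, and systemd parses that setting as a whitespace-separated list with `%` specifier expansion (the `%i` in the first element relies on it). A `hostPath` or `mountPoint` containing a space or a literal `%` would therefore name a different mount than the one the container binds, so the start ordering added here may not apply to it. Doubling the percent sign, e.g. `(d: lib.replaceStrings [ "%" ] [ "%%" ] (if d.hostPath != null then d.hostPath else d.mountPoint))`, covers the specifier case; whitespace probably needs quoting or an assertion on the option, and which one fits depends on how list values are rendered into the unit, which is not visible here. The expression also reads `cfg` while its neighbours read `containerConfig`; the enclosing attribute set starts and ends outside the hunk, so whether the two can differ for `bindMounts` should be checked.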
@@ -0,0 +1,35 @@
+import ./make-test-python.nix ({ lib, ... }: {
+ name = "containers-require-bind-mounts";
+ meta.maintainers = with lib.maintainers; [ kira-bruneau ];
+
+ nodes.machine = {
+ containers.require-bind-mounts = {
+ bindMounts = { "/srv/data" = {}; };
+ config = {};
+ };
+
+ virtualisation.fileSystems = {
+ "/srv/data" = {
+ fsType = "tmpfs";
+ options = [ "noauto" ];
+ };
+ };
+ };
+
+ testScript = ''
+ machine.wait_for_unit("default.target")
+
+ assert "require-bind-mounts" in machine.succeed("nixos-container list")
+ assert "down" in machine.succeed("nixos-container status require-bind-mounts")
+ assert "inactive" in machine.fail("systemctl is-active srv-data.mount")
+
+ with subtest("bind mount host paths must be mounted to run container"):
+ machine.succeed("nixos-container start require-bind-mounts")
+ assert "up" in machine.succeed("nixos-container status require-bind-mounts")
+ assert "active" in machine.succeed("systemctl status srv-data.mount")
+
+ machine.succeed("systemctl stop srv-data.mount")
+ assert "down" in machine.succeed("nixos-container status require-bind-mounts")
+ assert "inactive" in machine.fail("systemctl is-active srv-data.mount")
+ '';
+}) |
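Review bot: The test only exercises the `else d.mountPoint` branch of the new selector, because `bindMounts = { "/srv/data" = {}; };` leaves `hostPath` unset. A second entry whose `hostPath` differs from its mount point (for example `"/data" = { hostPath = "/srv/data"; };`, a constructed value) would cover the other branch. The positive check `assert "active" in machine.succeed("systemctl status srv-data.mount")` is also weaker than it looks, since "active" is a substring of "inactive" and only the exit status checked by `succeed` separates the two; `machine.succeed("systemctl is-active srv-data.mount")` would mirror the negative checks. A one-line comment above `options = [ "noauto" ];` saying that it keeps the mount down until the container unit pulls it in would make the setup easier to read.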
