[bug#77578,1/2] tests: docker-system: Remove unnecessary services from Docker image.
Commit Message
'run-docker-system-test' was hanging during execution of 'herd status' inside
a container. This occurred because '%test-docker-system' specified more
services than 'gnu/system/examples/docker-image.tmpl', which may have caused
conflicts or unexpected behavior.
* gnu/tests/docker.scm (%test-docker-system): Remove
static-networking-service-type, udev-service-type, urandom-seed-service-type,
shepherd-system-log-service-type. Add syslog-service-type.
Change-Id: I2c3f7bc54fa6b5a802c8e16cba6ffae0cd09d4cc
---
gnu/tests/docker.scm | 53 ++++++++++++++++++++++++++++++++++++++------
1 file changed, 46 insertions(+), 7 deletions(-)
@@ -26,10 +26,13 @@ (define-module (gnu tests docker)
#:use-module (gnu system image)
#:use-module (gnu system vm)
#:use-module (gnu services)
+ #:use-module (gnu services admin)
+ #:use-module (gnu services base)
#:use-module (gnu services dbus)
#:use-module (gnu services networking)
#:use-module (gnu services docker)
#:use-module (gnu services desktop)
+ #:use-module (gnu services shepherd)
#:use-module (gnu packages)
#:use-module ((gnu packages base) #:select (glibc))
#:use-module (gnu packages guile)
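Review bot: Of the three modules added here, `(gnu services admin)` does not appear to be needed by anything this patch introduces. As far as I can tell, `syslog-service-type`, `static-networking-service-type`, `udev-service-type` and `urandom-seed-service-type` come from `(gnu services base)`, and `shepherd-system-log-service-type` from `(gnu services shepherd)`. Unless patch 2/2 relies on it, drop the `#:use-module (gnu services admin)` line so the test module imports only what it uses.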
@@ -340,13 +343,49 @@ (define %test-docker-system
docker-image} inside Docker.")
(value (with-monad %store-monad
(>>= (lower-object
- (system-image (os->image
- (operating-system
- (inherit (simple-operating-system))
- ;; Use locales for a single libc to
- ;; reduce space requirements.
- (locale-libcs (list glibc)))
- #:type docker-image-type)))
+ (system-image
+ (os->image
+ (let ((os (simple-operating-system)))
+ (operating-system
+ (inherit os)
+ ;; Use locales for a single libc to
+ ;; reduce space requirements.
+ (locale-libcs (list glibc))
+ (services
+ (modify-services
+ (append
+ (operating-system-user-services os)
+ (list
+ (service syslog-service-type
+ (syslog-configuration
+ (extra-options
+ '("--rcfile=/etc/syslog.conf"
+ "--no-forward"
+ "--no-unixaf"
+ "--no-klog"))))))
+ ;; 'herd status' is unresponsive. Investigation
+ ;; needed to resolve before migrating from syslog
+ ;; logging.
+ (delete shepherd-system-log-service-type)
+
+ ;; Containers are created with limited privileges
+ ;; by default as a security measure. This
+ ;; restriction can prevent direct configuration of
+ ;; networking or hostname settings, which often
+ ;; require elevated permissions. Container runtimes
+ ;; typically manage these aspects using internal
+ ;; mechanisms and the CNI (Container Network
+ ;; Interface) standard, abstracting away much of
+ ;; the underlying network configuration.
+ (delete static-networking-service-type)
+
+ ;; Inside a container, the device tree is often
+ ;; limited and controlled by a container runtime.
+ (delete udev-service-type)
+ ;; Seeding urandom rely on devices that are not
+ ;; available inside the container.
+ (delete urandom-seed-service-type)))))
+ #:type docker-image-type)))
run-docker-system-test)))))
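Review bot: The `extra-options` list passed to `syslog-configuration` is the only part of the new `services` form without a comment, and its effect is the least obvious. If I read the inetutils syslogd options correctly, `--no-unixaf` stops it listening on Unix sockets and `--no-klog` stops it reading the kernel log, so together with `--no-forward` the daemon may have no input source inside the container. If that is intended, a comment should say so, for example `;; syslogd only stands in for shepherd-system-log here; it collects neither /dev/log nor kernel messages.` The comment above `(delete urandom-seed-service-type)` should read "relies", and could add that under a shared-kernel runtime the container uses the host kernel's entropy pool, so dropping the seed service does not weaken randomness. The enclosing `%test-docker-system` definition starts and ends outside the hunk.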