feat(22.04): add crun and uidmap slices

[endersonmaia]

Proposed changes

Add crun and uidmap slices to 22.04.

Close #221

Related issues/PRs

Forward porting

• feat(20.04) add slice for crun and uidmap #223
• feat(23.10) add slice for crun and uidmap #224
• feat(24.04) add slice for crun and uidmap #225

Testing

Will

# on a local copy in the current branch run:
mkdir rootfs
chisel cut \
    --release ./ \
    --root rootfs/ \
    --arch=amd64 \
    base-files_base \
    base-files_release-info \
    crun_bins
cat <<EOF | docker build -t crun-container . -f -
FROM scratch
COPY rootfs/ /
EOF
docker run --rm crun-container crun --version
rm -rf rootfs/

Expected:

crun version 0.17
commit: 0e9229ae34caaebcb86f1fde18de3acaf18c6d9a
spec: 1.0.0
+SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +YAJL

Checklist

• I have read the contributing guidelines
• I have already submitted the CLA form

Additional Context

[github-actions]

Diff of dependencies:
None found.

---

[zhijie-yang]

Looks good. There are some issues regarding the linting (see workflow runs) to be fixed, and it is suggested to add the copyright files explicitly in the slice definitions.

[linostar]

slice names to sorted, and copyright need to be added:

• crum: /usr/share/doc/crun/copyright:
• libaudit-common: /usr/share/doc/libaudit-common/copyright:
• libaudit1: /usr/share/doc/libaudit1/copyright:
• libcap-ng0: /usr/share/doc/libcap-ng0/copyright:
• libcap2: /usr/share/doc/libcap2/copyright:
• liblz4-1: /usr/share/doc/liblz4-1/copyright:
• libseccomp2: /usr/share/doc/libseccomp2/copyright:
• libsystemd0: /usr/share/doc/libsystemd0/copyright:
• libyajl2: /usr/share/doc/libyajl2/copyright:
• uidmap: /usr/share/doc/uidmap/copyright:

[linostar]

LGTM, thanks!

[zhijie-yang]

Looks all good to me. Thanks!

[rebornplusplus]

The slices look good, thanks! Only left a few comments below.

With the recent changes around testing in the upstream branch, I think it would be nice to have a spread test for crun and uidmap as well.

[rebornplusplus]

Updated the trivial changes myself. Looks good to me, thank you!

Tried to add a smoke test by running crun --version in a chroot env, but crun runs into an error. Probably this is related: containers/crun#1434. Reverted the commit I added for smoke test. Please feel free to add a smoke test of your own!

[cjdcordeiro]

@rebornplusplus this is actually a very similar issue to #274 -> crun needs procfs, which doesn't exist in the chroot env and we can't create it cause the test runs inside an unprivileged container.

If we can't find a workaround until tomorrow, let's just add a TODO comment in the SDF and move on.

[cjdcordeiro]

@endersonmaia how urgent is this? I'm trying to find a different testing strategy to support such privileged tests like yours, but it could take a few days. If you need this now, I'm happy to merge it with the simplified tests and improve those later on.

[endersonmaia]

@endersonmaia how urgent is this? I'm trying to find a different testing strategy to support such privileged tests like yours, but it could take a few days. If you need this now, I'm happy to merge it with the simplified tests and improve those later on.

I'm using my fork's branch to have this in my build pipeline, so it's not urgent.

[endersonmaia]

... I'm trying to find a different testing strategy to support such privileged tests like yours ...

Have you considered running qemu or even firecracker?

I use the crane tool to generate a rootfs and together with a kernel image you could start a firecracker microVM using something like firectl

[cjdcordeiro]

Thanks @endersonmaia and thanks for the suggestions. I already have #317 up to introduce LXD as a backend for the tests execution. I've tested it with your PR and seemed to work just fine. So once it's merged, we can rebase your PR.

If you have some tests, please add them and I'll re-trigger the CI after the rebase

[cjdcordeiro]

Updated the trivial changes myself. Looks good to me, thank you!

Tried to add a smoke test by running crun --version in a chroot env, but crun runs into an error. Probably this is related: containers/crun#1434. Reverted the commit I added for smoke test. Please feel free to add a smoke test of your own!

@rebornplusplus (or @endersonmaia ) could you please add such test here (and counterpart releases)? 🙏

[cjdcordeiro]

Alright, I've added the crun test. Looking good. Merging.