Launching a container with a private network requires creating a dedicated networking interface for it; the name of that interface is derived from the container name itself - e.g. a container named `foo` gets attached to an interface named `ve-foo`. An interface name can span up to IFNAMSIZ characters, which means that a container name must contain at most IFNAMSIZ - 3 - 1 = 11 characters; it's a limit that we validate using a build-time assertion. This limit has been raised with Linux 5.8, which allows an interface to carry a so-called altname; an altname can be much longer, while still being treated as a first-class citizen. Since altnames have been supported natively by systemd for a while now, due diligence on our side ends with dropping the name assertion on newer kernels. This commit closes #38509. systemd/systemd#14467 systemd/systemd#17220 https://lwn.net/Articles/794289/
		
			
				
	
	
		
		
	
	
	
	
	
# NixOS VM test: declarative containers with private networking, covering
# both short container names and names that are too long to be used verbatim
# as a host-side interface name.
import ./make-test-python.nix ({ pkgs, lib, ... }: {
  name = "containers-names";
  meta.maintainers = [ lib.maintainers.patryk27 ];

  machine = { ... }: {
    # Containers with long names are only exercised on the newest kernel;
    # https://github.com/NixOS/nixpkgs/issues/38509 has the background.
    boot.kernelPackages = pkgs.linuxPackages_latest;

    containers =
      let
        # Auto-started container on a private network. `octet` picks the
        # third octet of the address pair: the host side gets 192.168.<octet>.1
        # and the container side 192.168.<octet>.2.
        mkContainer = octet: {
          config = { };
          autoStart = true;
          privateNetwork = true;
          hostAddress = "192.168.${octet}.1";
          localAddress = "192.168.${octet}.2";
        };
      in
      {
        first = mkContainer "1";
        second = mkContainer "2";
        really-long-name = mkContainer "3";
        really-long-long-name-2 = mkContainer "4";
      };
  };

  # Short names are expected to show up as `ve-<name>`. For the two long names
  # the script expects a shortened interface name with a five-character suffix
  # (`ve-really-lFYWO`, `ve-really-l3QgY`) - presumably generated on the
  # systemd side, with the full name kept as an altname; confirm against
  # systemd before relying on the exact suffixes.
  # NOTE(review): `grep` matches a substring anywhere in the `ip link show`
  # output, so each check only proves that the name appears there; it does not
  # assert the link state or that the full-length altname is present.
  testScript = ''
    machine.wait_for_unit("default.target")

    machine.succeed("ip link show | grep ve-first")
    machine.succeed("ip link show | grep ve-second")
    machine.succeed("ip link show | grep ve-really-lFYWO")
    machine.succeed("ip link show | grep ve-really-l3QgY")
  '';
})