From e766ca4e7cd6a6f82108f18214111cf77faf5f17 Mon Sep 17 00:00:00 2001
From: Thomas Haller
Date: Wed, 27 Apr 2022 07:53:17 +0200
Subject: [PATCH] contrib: improve nm-in-container.d scripts
Get `ip netns exec` to work. Now we can start stuff in their own namespace, which is much cleaner.
---
 .../nm-in-container.d/data-nm-env-prepare.sh | 95 ++++++++++++++-----
 contrib/scripts/nm-in-container.sh | 49 +++++++++-
 2 files changed, 120 insertions(+), 24 deletions(-)
diff --git a/contrib/scripts/nm-in-container.d/data-nm-env-prepare.sh b/contrib/scripts/nm-in-container.d/data-nm-env-prepare.sh
index 61cee0371c..49c91d3ff8 100755
--- a/contrib/scripts/nm-in-container.d/data-nm-env-prepare.sh
+++ b/contrib/scripts/nm-in-container.d/data-nm-env-prepare.sh
@@ -11,6 +11,9 @@ do_cleanup() {
     local IDX="$1"
     local NAME_PREFIX="${2:-net}"
     local PEER_PREFIX="${3:-d_}"
+    local NETNS_PREFIX="${4:-tt}"
+
+    logger --id "nm-env-prepare-$IDX" "cleanup start # $@"
     pkill -F "/tmp/nm-dnsmasq-$PEER_PREFIX$IDX.pid" dnsmasq &>/dev/null || :
     rm -rf "/tmp/nm-dnsmasq-$PEER_PREFIX$IDX.pid"
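Review bot: `logger --id` takes an optional argument that has to be attached with `=` (`--id[=id]`), so in the added `logger --id "nm-env-prepare-$IDX" "cleanup start # $@"` the string `nm-env-prepare-$IDX` is not used as an identifier at all but becomes the first word of the logged message, with logger's own PID as the id. If the aim is a searchable tag for these messages, `logger -t "nm-env-prepare-$IDX" "cleanup start # $*"` does that; `$*` also folds the arguments into one message word, whereas `"# $@"` expands to several words that logger then re-joins. The same pattern is repeated in every other `logger` call of this patch, so it is worth fixing once consistently. do_cleanup's opening line and the rest of its body lie outside this hunk.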
@@ -24,40 +27,60 @@ do_cleanup() {
     rm -rf "/tmp/nm-radvd-$PEER_PREFIX$IDX.conf"
-    ip link del "$PEER_PREFIX$IDX" &>/dev/null || :
+    ip -netns "$NETNS_PREFIX$IDX" link del "$PEER_PREFIX$IDX" &>/dev/null || :
+
+    ip netns del "$NETNS_PREFIX$IDX" &>/dev/null || :
+
+    logger --id "nm-env-prepare-$IDX" "cleanup complete # $@"
 }
 do_setup() {
     local IDX="$1"
     local NAME_PREFIX="${2:-net}"
     local PEER_PREFIX="${3:-d_}"
+    local NETNS_PREFIX="${4:-tt}"
-    do_cleanup "$IDX"
+    logger --id "nm-env-prepare-$IDX" "setup start # $@"
-    ip link add "$NAME_PREFIX$IDX" type veth peer "$PEER_PREFIX$IDX"
-    ip link set "$PEER_PREFIX$IDX" up
+    ip netns add "$NETNS_PREFIX$IDX"
+    ip -netns "$NETNS_PREFIX$IDX" link set lo up
-    ip addr add "192.168.$((120 + IDX)).1/23" dev "$PEER_PREFIX$IDX"
-    ip addr add "192:168:$((120 + IDX))::1/64" dev "$PEER_PREFIX$IDX"
+    ip -netns "$NETNS_PREFIX$IDX" link add "$NAME_PREFIX$IDX" type veth peer "$PEER_PREFIX$IDX"
+    ip -netns "$NETNS_PREFIX$IDX" link set "$PEER_PREFIX$IDX" up
+
+    ip -netns "$NETNS_PREFIX$IDX" addr add "192.168.$((120 + IDX)).1/23" dev "$PEER_PREFIX$IDX"
+    ip -netns "$NETNS_PREFIX$IDX" addr add "192:168:$((120 + IDX))::1/64" dev "$PEER_PREFIX$IDX"
     # PPPoE inside the rootless container is not actually working, because
     # /dev/ppp is not accessible. Still start it, so that we at least can
     # test how far it goes...
     echo "192.168.$((120 + $IDX)).180-200" > "/tmp/nm-pppoe-allip-$PEER_PREFIX$IDX"
-    pppoe-server -X "/tmp/nm-pppoe-$PEER_PREFIX$IDX.pid" -S isp -C isp -L "192.168.$((120 + IDX)).1" -p "/tmp/nm-pppoe-allip-$PEER_PREFIX$IDX" -I "$PEER_PREFIX$IDX" &
+    ip netns exec "$NETNS_PREFIX$IDX" \
+        pppoe-server \
+            -X "/tmp/nm-pppoe-$PEER_PREFIX$IDX.pid" \
+            -S isp \
+            -C isp \
+            -L "192.168.$((120 + IDX)).1" \
+            -p "/tmp/nm-pppoe-allip-$PEER_PREFIX$IDX" \
+            -I "$PEER_PREFIX$IDX" \
+            &
-    dnsmasq \
-        --conf-file=/dev/null \
-        --pid-file="/tmp/nm-dnsmasq-$PEER_PREFIX$IDX.pid" \
-        --no-hosts \
-        --keep-in-foreground \
-        --bind-interfaces \
-        --except-interface=lo \
-        --clear-on-reload \
-        --listen-address="192.168.$((120 + $IDX)).1" \
-        --dhcp-range="192.168.$((120 + $IDX)).100,192.168.$((120 + $IDX)).150" \
-        --no-ping \
-        &
+    ip netns exec "$NETNS_PREFIX$IDX" \
+        dnsmasq \
+            --conf-file=/dev/null \
+            --pid-file="/tmp/nm-dnsmasq-$PEER_PREFIX$IDX.pid" \
+            --no-hosts \
+            --keep-in-foreground \
+            --bind-interfaces \
+            --log-debug \
+            --log-queries \
+            --log-dhcp \
+            --except-interface=lo \
+            --clear-on-reload \
+            --listen-address="192.168.$((120 + $IDX)).1" \
+            --dhcp-range="192.168.$((120 + $IDX)).100,192.168.$((120 + $IDX)).150" \
+            --no-ping \
+            &
     cat < "/tmp/nm-radvd-$PEER_PREFIX$IDX.conf"
 interface $PEER_PREFIX$IDX
@@ -70,10 +93,17 @@ interface $PEER_PREFIX$IDX
 };
 EOF
-    radvd \
-        --config "/tmp/nm-radvd-$PEER_PREFIX$IDX.conf" \
-        --pidfile "/tmp/nm-radvd-$PEER_PREFIX$IDX.pid" \
-        &
+    ip netns exec "$NETNS_PREFIX$IDX" \
+        radvd \
+            --config "/tmp/nm-radvd-$PEER_PREFIX$IDX.conf" \
+            --pidfile "/tmp/nm-radvd-$PEER_PREFIX$IDX.pid" \
+            --logmethod syslog \
+            -d 5 \
+            &
+
+    ip -netns ""$NETNS_PREFIX$IDX"" link set "$NAME_PREFIX$IDX" netns $$
+
+    logger --id "nm-env-prepare-$IDX" "setup complete: netns=$NETNS_PREFIX$IDX, iface=$NAME_PREFIX$IDX, peer=$PEER_PREFIX$IDX # $@"
 }
 do_redo() {
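Review bot: With the `do_cleanup "$IDX"` call gone from do_setup, the new `ip netns add "$NETNS_PREFIX$IDX"` has no guard against a namespace left behind by an earlier `setup` run; unless the script runs under `set -e` (not visible in this hunk) the add fails silently, every following `ip -netns` command then operates on the stale namespace and its old veth, and the `ip netns exec` lines start a second dnsmasq and pppoe-server next to the ones already running there. A minimal guard is `ip netns add "$NETNS_PREFIX$IDX" || { logger -t "nm-env-prepare-$IDX" "netns $NETNS_PREFIX$IDX already exists, run cleanup first"; return 1; }`, or alternatively pass all four arguments through to a leading `do_cleanup` call as before. Either way a short comment above the add, `# fails if the netns already exists; cleanup (or redo) removes it`, would make the new contract of setup explicit. do_setup continues past the end of this hunk.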
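Review bot: The doubled quotes in `ip -netns ""$NETNS_PREFIX$IDX"" link set "$NAME_PREFIX$IDX" netns $$` leave the namespace name effectively unquoted (`""` is an empty string on each side, so the expansion in between is still subject to word splitting and globbing); it should read `ip -netns "$NETNS_PREFIX$IDX" link set "$NAME_PREFIX$IDX" netns $$`. The `netns $$` move is the one step that makes the new layout work and deserves a comment, e.g. `# hand the host end of the veth back to the namespace this shell runs in; the peer, dnsmasq, pppoe-server and radvd stay inside $NETNS_PREFIX$IDX`. Note also that radvd, dnsmasq and pppoe-server are all backgrounded with `&` and their exit status is never looked at, so a failing `ip netns exec` (for instance the sysfs-mount problem the patch works around elsewhere) is only visible in syslog. do_setup's body starts before this hunk.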
@@ -81,8 +111,27 @@ do_redo() {
     do_setup "$@"
 }
+do_one_time_setup() {
+    if [ ! -d /tmp/sys2 ]; then
+        # `ip -netns t exec ...` will try to mount sysfs. But kernel rejects that in
+        # the container, unless a writable sysfs is already mounted. Due to --priviledged,
+        # we have /sys mounted rw, however, ip will first unmount /sys before trying to
+        # remount it. We thus need it mounted as rw one additional time.
+        #
+        # Let's do this setup step once, and never clean it up.
+        # https://github.com/containers/podman/issues/11887#issuecomment-938706628
+        mkdir /tmp/sys2
+        mount -t sysfs --make-private /tmp/sys2
+    fi
+}
+
 ###############################################################################
+# We do this one-time-setup always when the script runs, and never clean it
+# up.
+do_one_time_setup
+
+
 IDX=1
 NAME_PREFIX=net
 PEER_PREFIX=
diff --git a/contrib/scripts/nm-in-container.sh b/contrib/scripts/nm-in-container.sh
index c997e36c6b..02a16e9da3 100755
--- a/contrib/scripts/nm-in-container.sh
+++ b/contrib/scripts/nm-in-container.sh
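Review bot: `[ ! -d /tmp/sys2 ]` tests for the directory, not for the sysfs mount, so as soon as `mkdir` has run the mount is never attempted again: if `mount -t sysfs --make-private /tmp/sys2` fails, or the directory survives while the mount does not, every later `ip netns exec` hits exactly the sysfs error the comment describes and nothing re-establishes the workaround. Testing the mount instead, `if ! mountpoint -q /tmp/sys2; then mkdir -p /tmp/sys2; mount -t sysfs --make-private /tmp/sys2; fi`, makes the step idempotent and lets a failed mount surface on the next run rather than being masked by the existing directory. The explanatory comment has a typo, `--priviledged` should be `--privileged`, and it would help to say that this step, like the `ip netns` calls, requires root inside the container and runs on every invocation including `cleanup`.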
@@ -109,7 +109,54 @@ find NetworkManager bind mounted at $BASEDIR_NM
 run \`nm-env-prepare.sh setup --idx 1\` to setup test interfaces
 Configure NetworkManager with
-  \$ ./configure --enable-maintainer-mode --enable-more-warnings=error --with-more-asserts="\${NM_BUILD_MORE_ASSERTS:-1000}" --with-nm-cloud-setup=yes --prefix=/opt/test --localstatedir=/var --sysconfdir=/etc --enable-gtk-doc --enable-introspection --with-ofono=yes --with-dhclient=yes --with-dhcpcanon=yes --with-dhcpcd=yes --enable-more-logging --enable-compile-warnings=yes --enable-address-sanitizer=no --enable-undefined-sanitizer=no --with-valgrind=yes --enable-concheck --enable-wimax --enable-ifcfg-rh=yes --enable-config-plugin-ibft=yes --enable-ifcfg-suse --enable-ifupdown=yes --enable-ifnet --enable-vala=yes --enable-polkit=yes --with-libnm-glib=yes --with-nmcli=yes --with-nmtui=yes --with-modem-manager-1 --with-suspend-resume=systemd --enable-teamdctl=yes --enable-ovs=yes --enable-tests="\${NM_BUILD_TESTS:-yes}" --with-netconfig=/bin/nowhere/netconfig --with-resolvconf=/bin/nowhere/resolvconf --with-crypto=nss --with-session-tracking=systemd --with-consolekit=yes --with-systemd-logind=yes --with-iwd=yes --enable-json-validation=yes --with-consolekit=yes --with-config-dns-rc-manager-default=auto --with-config-dhcp-default=internal "\${NM_CONFIGURE_OTPS[@]}"
+  \$ ./configure \
+      --enable-address-sanitizer=no \
+      --enable-compile-warnings=yes \
+      --enable-concheck \
+      --enable-config-plugin-ibft=yes \
+      --enable-gtk-doc \
+      --enable-ifcfg-rh=yes \
+      --enable-ifcfg-suse \
+      --enable-ifnet \
+      --enable-ifupdown=yes \
+      --enable-introspection \
+      --enable-json-validation=yes \
+      --enable-maintainer-mode \
+      --enable-more-logging \
+      --enable-more-warnings=error \
+      --enable-ovs=yes \
+      --enable-polkit=yes \
+      --enable-teamdctl=yes \
+      --enable-undefined-sanitizer=no \
+      --enable-vala=yes \
+      --enable-wimax \
+      --localstatedir=/var \
+      --prefix=/opt/test \
+      --sysconfdir=/etc \
+      --with-config-dhcp-default=internal \
+      --with-config-dns-rc-manager-default=auto \
+      --with-consolekit=yes \
+      --with-consolekit=yes \
+      --with-crypto=nss \
+      --with-dhclient=yes \
+      --with-dhcpcanon=yes \
+      --with-dhcpcd=yes \
+      --with-iwd=yes \
+      --with-libnm-glib=yes \
+      --with-modem-manager-1 \
+      --with-netconfig=/bin/nowhere/netconfig \
+      --with-nm-cloud-setup=yes \
+      --with-nmcli=yes \
+      --with-nmtui=yes \
+      --with-ofono=yes \
+      --with-resolvconf=/bin/nowhere/resolvconf \
+      --with-session-tracking=systemd \
+      --with-suspend-resume=systemd \
+      --with-systemd-logind=yes \
+      --with-valgrind=yes \
+      --enable-tests="\${NM_BUILD_TESTS:-yes}" \
+      --with-more-asserts="\${NM_BUILD_MORE_ASSERTS:-1000}" \
+      "\${NM_CONFIGURE_OTPS[@]}"
 Test with:
   \$ systemctl stop NetworkManager; /opt/test/sbin/NetworkManager --debug 2>&1 | tee -a /tmp/nm-log.txt
 EOF
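Review bot: `--with-consolekit=yes` is listed twice in the new option list; the old one-liner carried the same duplicate, but the sorted one-option-per-line layout now places the two copies directly next to each other, so drop one of the `+      --with-consolekit=yes \` lines while touching this text. The sort order is otherwise alphabetical except for the last three entries, which take their values from the environment; if that placement is deliberate it is fine, but since this is usage text printed by a heredoc (the `\$` and `\${...}` escapes have to stay as written), any explanation has to go into a shell comment next to the heredoc rather than into the text itself. The heredoc this hunk edits starts before the hunk.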