* For security, don't mount the entire host filesystem.

svn path=/nixos/trunk/; revision=28429

lib/test-driver/Machine.pm

@@ -127,7 +127,6 @@ sub start {
             "-no-reboot -monitor unix:./monitor -chardev socket,id=shell,path=./shell " .
             "-device virtio-serial -device virtconsole,chardev=shell " .
             ($showGraphics ? "-serial stdio" : "-nographic") . " " . ($ENV{QEMU_OPTS} || "");
-        $ENV{QEMU_KERNEL_PARAMS} = "hostTmpDir=$ENV{TMPDIR}";
         chdir $self->{stateDir} or die;
         exec $self->{startCommand};
         die "running VM script: $!";

lib/test-driver/test-driver.pl

@@ -129,7 +129,7 @@ sub runTests {
             # sources.
             my $kernelDir = $vm->mustSucceed("echo \$(dirname \$(readlink -f /var/run/current-system/kernel))/.build/linux-*");
             chomp $kernelDir;
-            my $coverageDir = "/hostfs" . $vm->stateDir() . "/coverage-data/$kernelDir";
+            my $coverageDir = "/tmp/xchg/coverage-data/$kernelDir";
 
             # Copy all the *.gcda files.
             $vm->execute("for d in $gcovDir/nix/store/*/.build/linux-*; do for i in \$(cd \$d && find -name '*.gcda'); do echo \$i; mkdir -p $coverageDir/\$(dirname \$i); cp -v \$d/\$i $coverageDir/\$i; done; done");

lib/testing.nix

@@ -59,9 +59,9 @@ rec {
           touch $out/nix-support/hydra-build-products
           echo "report testlog $out log.html" >> $out/nix-support/hydra-build-products
 
-          for i in */coverage-data; do
+          for i in */xchg/coverage-data; do
             mkdir -p $out/coverage-data
-            mv $i $out/coverage-data/$(dirname $i)
+            mv $i $out/coverage-data/$(dirname $(dirname $i))
           done
 
           [ -z "$failed" ] || touch $out/nix-support/failed
@@ -193,13 +193,14 @@ rec {
       testscript = ''
         startAll;
         ${preBuild}
-        $client->succeed("env -i ${pkgs.bash}/bin/bash ${buildrunner} /hostfs".$client->stateDir."/saved-env >&2");
+        $client->succeed("env -i ${pkgs.bash}/bin/bash ${buildrunner} /tmp/xchg/saved-env >&2");
         ${postBuild}
       '';
 
       vmRunCommand = writeText "vm-run" ''
-        ${coreutils}/bin/mkdir -p vm-state-client
-        export > vm-state-client/saved-env
+        ${coreutils}/bin/mkdir $out
+        ${coreutils}/bin/mkdir -p vm-state-client/xchg
+        export > vm-state-client/xchg/saved-env
         export tests='${testscript}'
         ${testDriver}/bin/nixos-test-driver ${vm.config.system.build.vm}/bin/run-*-vm
       ''; # */

modules/services/web-servers/apache-httpd/default.nix

@@ -558,22 +558,17 @@ in
         startOn = "started ${startingDependency} and filesystem";
 
         environment =
-          { # !!! This should be added in test-instrumentation.nix.  It
-            # shouldn't hurt though, since packages usually aren't built
-            # with coverage enabled.
-           GCOV_PREFIX = "/tmp/coverage-data";
+          { PATH = concatStringsSep ":" (
+              [ "${pkgs.coreutils}/bin" "${pkgs.gnugrep}/bin" ]
+              ++ # Needed for PHP's mail() function.  !!! Probably the
+                 # ssmtp module should export the path to sendmail in
+                 # some way.
+                 optional config.networking.defaultMailServer.directDelivery "${pkgs.ssmtp}/sbin"
+              ++ (concatMap (svc: svc.extraServerPath) allSubservices) );
 
-           PATH = concatStringsSep ":" (
-             [ "${pkgs.coreutils}/bin" "${pkgs.gnugrep}/bin" ]
-             ++ # Needed for PHP's mail() function.  !!! Probably the
-                # ssmtp module should export the path to sendmail in
-                # some way.
-                optional config.networking.defaultMailServer.directDelivery "${pkgs.ssmtp}/sbin"
-             ++ (concatMap (svc: svc.extraServerPath) allSubservices) );
+            PHPRC = if enablePHP then phpIni else "";
 
-           PHPRC = if enablePHP then phpIni else "";
-
-           TZ = config.time.timeZone;
+            TZ = config.time.timeZone;
 
           } // (listToAttrs (concatMap (svc: svc.globalEnvVars) allSubservices));
 

modules/testing/test-instrumentation.nix

@@ -64,13 +64,8 @@ in
         # to failures that are hard to diagnose.
         echo 2 > /proc/sys/vm/panic_on_oom
 
-        # Coverage data is written into /tmp/coverage-data.  Symlink
-        # it to the host filesystem so that we don't need to copy it
-        # on shutdown.
-        ( eval $(cat /proc/cmdline)
-          mkdir -p /hostfs/$hostTmpDir/coverage-data
-          ln -sfn /hostfs/$hostTmpDir/coverage-data /tmp/coverage-data
-        )
+        # Coverage data is written into /tmp/coverage-data.
+        mkdir -p /tmp/xchg/coverage-data
 
         # Mount debugfs to gain access to the kernel coverage data (if
         # available).
@@ -103,7 +98,7 @@ in
     networking.defaultGateway = mkOverride 150 "";
     networking.nameservers = mkOverride 150 [ ];
 
-    system.upstartEnvironment.GCOV_PREFIX = "/tmp/coverage-data";
+    system.upstartEnvironment.GCOV_PREFIX = "/tmp/xchg/coverage-data";
       
   };
 

modules/virtualisation/qemu-vm.nix

@@ -153,6 +153,7 @@ let
           TMPDIR=$(mktemp -d nix-vm-smbd.XXXXXXXXXX --tmpdir)
       fi
       cd $TMPDIR
+      mkdir -p $TMPDIR/xchg
 
       ${pkgs.vmTools.startSamba}
 
@@ -310,16 +311,16 @@ in
     [ { mountPoint = "/";
         device = "/dev/vda";
       }
-      { mountPoint = "/hostfs";
-        device = "//10.0.2.4/qemu";
+      { mountPoint = "/nix/store";
+        device = "//10.0.2.4/store";
         fsType = "cifs";
         options = "guest,sec=none,noperm,noacl";
         neededForBoot = true;
       }
-      { mountPoint = "/nix/store";
-        device = "/hostfs/nix/store";
-        fsType = "none";
-        options = "bind";
+      { mountPoint = "/tmp/xchg";
+        device = "//10.0.2.4/xchg";
+        fsType = "cifs";
+        options = "guest,sec=none,noperm,noacl";
         neededForBoot = true;
       }
     ] ++ optional cfg.useBootLoader