fix: kernel AppArmor 2-pass olddefconfig and QEMU test direct kernel boot
The stock TinyCore kernel config has "# CONFIG_SECURITY is not set" which caused make olddefconfig to silently revert all security configs in a single pass. Fix by applying security configs (AppArmor, Audit, LSM) after the first olddefconfig resolves base dependencies, then running a second pass. Added mandatory verification that exits on missing critical configs. All QEMU test scripts converted from broken -cdrom + -append pattern to direct kernel boot (-kernel + -initrd) via shared test/lib/qemu-helpers.sh helper library. The -append flag only works with -kernel, not -cdrom. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -22,6 +22,8 @@ RUNS=3
|
||||
SSH_PORT=2222
|
||||
K8S_PORT=6443
|
||||
|
||||
. "$SCRIPT_DIR/../lib/qemu-helpers.sh"
|
||||
|
||||
shift || true
|
||||
while [ $# -gt 0 ]; do
|
||||
case "$1" in
|
||||
@@ -47,6 +49,15 @@ echo "Type: $IMAGE_TYPE" >&2
|
||||
echo "Runs: $RUNS" >&2
|
||||
echo "" >&2
|
||||
|
||||
EXTRACT_DIR=""
|
||||
TEMP_DISK=""
|
||||
|
||||
cleanup() {
|
||||
[ -n "$TEMP_DISK" ] && rm -f "$TEMP_DISK"
|
||||
[ -n "$EXTRACT_DIR" ] && rm -rf "$EXTRACT_DIR"
|
||||
}
|
||||
trap cleanup EXIT
|
||||
|
||||
# Build QEMU command
|
||||
QEMU_CMD=(
|
||||
qemu-system-x86_64
|
||||
@@ -55,24 +66,31 @@ QEMU_CMD=(
|
||||
-nographic
|
||||
-no-reboot
|
||||
-serial mon:stdio
|
||||
-net nic,model=virtio
|
||||
-net "nic,model=virtio"
|
||||
-net "user,hostfwd=tcp::${SSH_PORT}-:22,hostfwd=tcp::${K8S_PORT}-:6443"
|
||||
)
|
||||
|
||||
# Add KVM if available
|
||||
if [ -e /dev/kvm ] && [ -r /dev/kvm ]; then
|
||||
KVM_FLAG=$(detect_kvm)
|
||||
if [ -n "$KVM_FLAG" ]; then
|
||||
QEMU_CMD+=(-enable-kvm -cpu host)
|
||||
echo "KVM: enabled" >&2
|
||||
else
|
||||
QEMU_CMD+=(-cpu max)
|
||||
echo "KVM: not available (TCG)" >&2
|
||||
fi
|
||||
echo "" >&2
|
||||
|
||||
if [ "$IMAGE_TYPE" = "iso" ]; then
|
||||
QEMU_CMD+=(-cdrom "$IMAGE")
|
||||
# Extract kernel/initramfs for direct boot (required for -append to work)
|
||||
EXTRACT_DIR="$(mktemp -d /tmp/kubesolo-bench-extract-XXXXXX)"
|
||||
extract_kernel_from_iso "$IMAGE" "$EXTRACT_DIR" >&2
|
||||
QEMU_CMD+=(-kernel "$VMLINUZ" -initrd "$INITRAMFS")
|
||||
QEMU_CMD+=(-append "console=ttyS0,115200n8 kubesolo.debug")
|
||||
# Add a temp disk for persistence
|
||||
TEMP_DISK=$(mktemp /tmp/kubesolo-bench-XXXXXX.img)
|
||||
qemu-img create -f qcow2 "$TEMP_DISK" 8G >/dev/null 2>&1
|
||||
QEMU_CMD+=(-drive "file=$TEMP_DISK,format=qcow2,if=virtio")
|
||||
trap "rm -f $TEMP_DISK" EXIT
|
||||
else
|
||||
QEMU_CMD+=(-drive "file=$IMAGE,format=raw,if=virtio")
|
||||
fi
|
||||
@@ -111,7 +129,7 @@ for run in $(seq 1 "$RUNS"); do
|
||||
echo "KERNEL_MS=$ELAPSED_MS" >> "$LOG.times"
|
||||
fi
|
||||
;;
|
||||
*"kubesolo-init"*"all stages complete"*|*"init complete"*)
|
||||
*"KubeSolo is running"*|*"kubesolo-init"*"OK"*)
|
||||
if [ -z "$INIT_DONE" ]; then
|
||||
INIT_DONE="$ELAPSED_MS"
|
||||
echo " Init complete: ${ELAPSED_MS}ms" >&2
|
||||
|
||||
Reference in New Issue
Block a user