Merge pull request os-autoinst#20376 from mloviska/pv_usb_priv

Test access to usb device from a container

tests/containers/privileged_mode.pm

@@ -39,11 +39,23 @@ sub run {
     # xen-pv does not define USB passthrough in the xml as of now
     # this feature has to be added -> https://progress.opensuse.org/issues/138410
     assert_script_run("$runtime run --rm $image bash -c '! test -d /dev/bus'");
-    assert_script_run("$runtime run --rm --privileged $image ls /dev/bus") unless (is_s390x || is_public_cloud || is_xen_pv || is_hyperv || is_vmware);
+    assert_script_run("$runtime run --rm --privileged $image ls /dev/bus") unless (is_s390x || is_public_cloud || is_hyperv || is_vmware);
+
+    # syscalls availability
+    if ($runtime eq 'podman') {
+        script_run("$runtime run --rm -d $image bash -c 'sleep infinity'");
+        assert_script_run("$runtime top -l seccomp | grep filter");
+        script_run("$runtime run --rm -d --privileged $image bash -c 'sleep infinity'");
+        assert_script_run("$runtime top -l seccomp | grep disabled");
+    }
 
     # Mounting tmpfs only works in privileged mode because the read-only protection in the default mode
     assert_script_run("$runtime run --rm --privileged $image mount -t tmpfs none /mnt");
 
+    # check how were kernel filesystem mounted
+    assert_script_run("$runtime run --rm $image mount | grep '\(ro'");
+    assert_script_run("$runtime run --rm --privileged $image mount | grep '\(rw'");
+
     # Capabilities are only available in privileged mode
     my $capbnd = script_output("cat /proc/1/status | grep CapBnd");
     validate_script_output("$runtime run --rm --privileged $image cat /proc/1/status | grep CapBnd", sub { m/$capbnd/ });

tests/installation/bootloader_svirt.pm

@@ -229,6 +229,9 @@ sub run {
             });
     }
 
+    if ($vmm_family eq 'xen' && $vmm_type eq 'linux') {
+        $svirt->add_usb_hub();
+    }
     $svirt->add_vnc({port => get_var('VIRSH_INSTANCE', 1) + 5900});
 
     my %ifacecfg = ();