mirror of
https://github.com/golang/go
synced 2024-10-02 10:18:33 -06:00
syscall: skip some exec tests in container
For those tests there won't be enough permissions in containers. I decided to go this way instead of just skipping os.IsPermission errors because many of those tests were specifically written to check false positive permission errors. Fixes #21379 Change-Id: Ie25e1d6d47f85bb6b570352638440f3ac1e18e03 Reviewed-on: https://go-review.googlesource.com/58170 Reviewed-by: Ian Lance Taylor <iant@golang.org> Run-TryBot: Ian Lance Taylor <iant@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org>
This commit is contained in:
parent
8f1e2a2610
commit
75fbc8a3d0
@ -23,6 +23,24 @@ import (
|
|||||||
"unsafe"
|
"unsafe"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
func isDocker() bool {
|
||||||
|
_, err := os.Stat("/.dockerenv")
|
||||||
|
return err == nil
|
||||||
|
}
|
||||||
|
|
||||||
|
func isLXC() bool {
|
||||||
|
return os.Getenv("container") == "lxc"
|
||||||
|
}
|
||||||
|
|
||||||
|
func skipInContainer(t *testing.T) {
|
||||||
|
if isDocker() {
|
||||||
|
t.Skip("skip this test in Docker container")
|
||||||
|
}
|
||||||
|
if isLXC() {
|
||||||
|
t.Skip("skip this test in LXC container")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Check if we are in a chroot by checking if the inode of / is
|
// Check if we are in a chroot by checking if the inode of / is
|
||||||
// different from 2 (there is no better test available to non-root on
|
// different from 2 (there is no better test available to non-root on
|
||||||
// linux).
|
// linux).
|
||||||
@ -35,6 +53,7 @@ func isChrooted(t *testing.T) bool {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func checkUserNS(t *testing.T) {
|
func checkUserNS(t *testing.T) {
|
||||||
|
skipInContainer(t)
|
||||||
if _, err := os.Stat("/proc/self/ns/user"); err != nil {
|
if _, err := os.Stat("/proc/self/ns/user"); err != nil {
|
||||||
if os.IsNotExist(err) {
|
if os.IsNotExist(err) {
|
||||||
t.Skip("kernel doesn't support user namespaces")
|
t.Skip("kernel doesn't support user namespaces")
|
||||||
@ -147,6 +166,7 @@ func TestEmptyCredGroupsDisableSetgroups(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func TestUnshare(t *testing.T) {
|
func TestUnshare(t *testing.T) {
|
||||||
|
skipInContainer(t)
|
||||||
// Make sure we are running as root so we have permissions to use unshare
|
// Make sure we are running as root so we have permissions to use unshare
|
||||||
// and create a network namespace.
|
// and create a network namespace.
|
||||||
if os.Getuid() != 0 {
|
if os.Getuid() != 0 {
|
||||||
@ -293,6 +313,7 @@ func TestUnshareMountNameSpaceHelper(*testing.T) {
|
|||||||
|
|
||||||
// Test for Issue 38471: unshare fails because systemd has forced / to be shared
|
// Test for Issue 38471: unshare fails because systemd has forced / to be shared
|
||||||
func TestUnshareMountNameSpace(t *testing.T) {
|
func TestUnshareMountNameSpace(t *testing.T) {
|
||||||
|
skipInContainer(t)
|
||||||
// Make sure we are running as root so we have permissions to use unshare
|
// Make sure we are running as root so we have permissions to use unshare
|
||||||
// and create a network namespace.
|
// and create a network namespace.
|
||||||
if os.Getuid() != 0 {
|
if os.Getuid() != 0 {
|
||||||
@ -342,6 +363,7 @@ func TestUnshareMountNameSpace(t *testing.T) {
|
|||||||
|
|
||||||
// Test for Issue 20103: unshare fails when chroot is used
|
// Test for Issue 20103: unshare fails when chroot is used
|
||||||
func TestUnshareMountNameSpaceChroot(t *testing.T) {
|
func TestUnshareMountNameSpaceChroot(t *testing.T) {
|
||||||
|
skipInContainer(t)
|
||||||
// Make sure we are running as root so we have permissions to use unshare
|
// Make sure we are running as root so we have permissions to use unshare
|
||||||
// and create a network namespace.
|
// and create a network namespace.
|
||||||
if os.Getuid() != 0 {
|
if os.Getuid() != 0 {
|
||||||
@ -477,6 +499,7 @@ func TestAmbientCapsHelper(*testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func TestAmbientCaps(t *testing.T) {
|
func TestAmbientCaps(t *testing.T) {
|
||||||
|
skipInContainer(t)
|
||||||
// Make sure we are running as root so we have permissions to use unshare
|
// Make sure we are running as root so we have permissions to use unshare
|
||||||
// and create a network namespace.
|
// and create a network namespace.
|
||||||
if os.Getuid() != 0 {
|
if os.Getuid() != 0 {
|
||||||
|
Loading…
Reference in New Issue
Block a user