qbit/go
1
0
Fork 0
mirror of https://github.com/golang/go synced 2024-10-02 10:18:33 -06:00
Code Releases Activity

syscall: skip some exec tests in container

Browse Source 
For those tests there won't be enough permissions in containers.
I decided to go this way instead of just skipping os.IsPermission errors because
many of those tests were specifically written to check false positive permission
errors.

Fixes #21379

Change-Id: Ie25e1d6d47f85bb6b570352638440f3ac1e18e03
Reviewed-on: https://go-review.googlesource.com/58170
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
This commit is contained in:
Alexander Morozov 2017-08-23 11:49:22 -07:00 committed by Ian Lance Taylor
parent 8f1e2a2610
commit 75fbc8a3d0
1 changed files with 23 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
src/syscall/exec_linux_test.go
View File

@ -23,6 +23,24 @@ import (
"unsafe" "unsafe"
) )
func isDocker() bool {
_, err := os.Stat("/.dockerenv")
return err == nil
}
func isLXC() bool {
return os.Getenv("container") == "lxc"
}
func skipInContainer(t *testing.T) {
if isDocker() {
t.Skip("skip this test in Docker container")
}
if isLXC() {
t.Skip("skip this test in LXC container")
}
}
// Check if we are in a chroot by checking if the inode of / is // Check if we are in a chroot by checking if the inode of / is
// different from 2 (there is no better test available to non-root on // different from 2 (there is no better test available to non-root on
// linux). // linux).
@ -35,6 +53,7 @@ func isChrooted(t *testing.T) bool {
} }
func checkUserNS(t *testing.T) { func checkUserNS(t *testing.T) {
skipInContainer(t)
if _, err := os.Stat("/proc/self/ns/user"); err != nil { if _, err := os.Stat("/proc/self/ns/user"); err != nil {
if os.IsNotExist(err) { if os.IsNotExist(err) {
t.Skip("kernel doesn't support user namespaces") t.Skip("kernel doesn't support user namespaces")
@ -147,6 +166,7 @@ func TestEmptyCredGroupsDisableSetgroups(t *testing.T) {
} }
func TestUnshare(t *testing.T) { func TestUnshare(t *testing.T) {
skipInContainer(t)
// Make sure we are running as root so we have permissions to use unshare // Make sure we are running as root so we have permissions to use unshare
// and create a network namespace. // and create a network namespace.
if os.Getuid() != 0 { if os.Getuid() != 0 {
@ -293,6 +313,7 @@ func TestUnshareMountNameSpaceHelper(*testing.T) {
// Test for Issue 38471: unshare fails because systemd has forced / to be shared // Test for Issue 38471: unshare fails because systemd has forced / to be shared
func TestUnshareMountNameSpace(t *testing.T) { func TestUnshareMountNameSpace(t *testing.T) {
skipInContainer(t)
// Make sure we are running as root so we have permissions to use unshare // Make sure we are running as root so we have permissions to use unshare
// and create a network namespace. // and create a network namespace.
if os.Getuid() != 0 { if os.Getuid() != 0 {
@ -342,6 +363,7 @@ func TestUnshareMountNameSpace(t *testing.T) {
// Test for Issue 20103: unshare fails when chroot is used // Test for Issue 20103: unshare fails when chroot is used
func TestUnshareMountNameSpaceChroot(t *testing.T) { func TestUnshareMountNameSpaceChroot(t *testing.T) {
skipInContainer(t)
// Make sure we are running as root so we have permissions to use unshare // Make sure we are running as root so we have permissions to use unshare
// and create a network namespace. // and create a network namespace.
if os.Getuid() != 0 { if os.Getuid() != 0 {
@ -477,6 +499,7 @@ func TestAmbientCapsHelper(*testing.T) {
} }
func TestAmbientCaps(t *testing.T) { func TestAmbientCaps(t *testing.T) {
skipInContainer(t)
// Make sure we are running as root so we have permissions to use unshare // Make sure we are running as root so we have permissions to use unshare
// and create a network namespace. // and create a network namespace.
if os.Getuid() != 0 { if os.Getuid() != 0 {