mirror of
https://github.com/golang/go
synced 2024-11-05 12:06:15 -07:00
syscall: skip TestAmbientCapsUserns if user namespaces are not supported
Fixes #34015 Change-Id: I29798fb9c72b6f4bee8aecea96ab13b4cba2e80d Reviewed-on: https://go-review.googlesource.com/c/go/+/195738 Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
This commit is contained in:
parent
85fc765341
commit
d3595f7171
@ -42,6 +42,18 @@ func skipInContainer(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
func skipNoUserNamespaces(t *testing.T) {
|
||||
if _, err := os.Stat("/proc/self/ns/user"); err != nil {
|
||||
if os.IsNotExist(err) {
|
||||
t.Skip("kernel doesn't support user namespaces")
|
||||
}
|
||||
if os.IsPermission(err) {
|
||||
t.Skip("unable to test user namespaces due to permissions")
|
||||
}
|
||||
t.Fatalf("Failed to stat /proc/self/ns/user: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
func skipUnprivilegedUserClone(t *testing.T) {
|
||||
// Skip the test if the sysctl that prevents unprivileged user
|
||||
// from creating user namespaces is enabled.
|
||||
@ -64,15 +76,7 @@ func isChrooted(t *testing.T) bool {
|
||||
|
||||
func checkUserNS(t *testing.T) {
|
||||
skipInContainer(t)
|
||||
if _, err := os.Stat("/proc/self/ns/user"); err != nil {
|
||||
if os.IsNotExist(err) {
|
||||
t.Skip("kernel doesn't support user namespaces")
|
||||
}
|
||||
if os.IsPermission(err) {
|
||||
t.Skip("unable to test user namespaces due to permissions")
|
||||
}
|
||||
t.Fatalf("Failed to stat /proc/self/ns/user: %v", err)
|
||||
}
|
||||
skipNoUserNamespaces(t)
|
||||
if isChrooted(t) {
|
||||
// create_user_ns in the kernel (see
|
||||
// https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/kernel/user_namespace.c)
|
||||
@ -573,6 +577,7 @@ func TestAmbientCaps(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestAmbientCapsUserns(t *testing.T) {
|
||||
skipNoUserNamespaces(t)
|
||||
testAmbientCaps(t, true)
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user