qbit/go
1
0
Fork 0
mirror of https://github.com/golang/go synced 2024-11-23 22:20:02 -07:00
Code Releases Activity

syscall: skip test if unprivileged_userns_clone sysctl is missing

Browse Source 
The original test (CL 166460) didn't check the existence of
/proc/sys/kernel/unprivileged_userns_clone and continue the test
if the file doesn't exist.

Fixes #32459

Change-Id: Iab4938252fcaded32b61e17edf68f966c2565582
Reviewed-on: https://go-review.googlesource.com/c/go/+/180877
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
This commit is contained in:
Meng Zhuo 2019-06-06 18:07:13 +08:00 committed by Tobias Klauser
parent 064ce85c20
commit f31b7b9b5b
1 changed files with 11 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
src/syscall/exec_linux_test.go
View File

@ -42,6 +42,15 @@ func skipInContainer(t *testing.T) {
}
}
func skipUnprivilegedUserClone(t *testing.T) {
// Skip the test if the sysctl that prevents unprivileged user
// from creating user namespaces is enabled.
data, errRead := ioutil.ReadFile("/proc/sys/kernel/unprivileged_userns_clone")
if errRead != nil || len(data) < 1 && data[0] == '0' {
t.Skip("kernel prohibits user namespace in unprivileged process")
}
}
// Check if we are in a chroot by checking if the inode of / is
// different from 2 (there is no better test available to non-root on
// linux).
@ -72,10 +81,7 @@ func checkUserNS(t *testing.T) {
}
// On some systems, there is a sysctl setting.
if os.Getuid() != 0 {
data, errRead := ioutil.ReadFile("/proc/sys/kernel/unprivileged_userns_clone")
if errRead == nil && data[0] == '0' {
t.Skip("kernel prohibits user namespace in unprivileged process")
}
skipUnprivilegedUserClone(t)
}
// On Centos 7 make sure they set the kernel parameter user_namespace=1
// See issue 16283 and 20796.
@ -582,12 +588,7 @@ func testAmbientCaps(t *testing.T, userns bool) {
t.Skip("skipping test on Kubernetes-based builders; see Issue 12815")
}
// Skip the test if the sysctl that prevents unprivileged user
// from creating user namespaces is enabled.
data, errRead := ioutil.ReadFile("/proc/sys/kernel/unprivileged_userns_clone")
if errRead == nil && data[0] == '0' {
t.Skip("kernel prohibits user namespace in unprivileged process")
}
skipUnprivilegedUserClone(t)
// skip on android, due to lack of lookup support
if runtime.GOOS == "android" {