diff options
| author | Meng Zhuo <mengzhuo1203@gmail.com> | 2019-06-06 18:07:13 +0800 |
|---|---|---|
| committer | Tobias Klauser <tobias.klauser@gmail.com> | 2019-06-06 10:49:25 +0000 |
| commit | f31b7b9b5b43277fb8b77ee57389a0b2f5278c1e (patch) | |
| tree | a2e9b32ac56f974512abce7968c880ca745db16d | |
| parent | 064ce85c2062cfee8dc87b69a831980e67d3d8a8 (diff) | |
| download | go-f31b7b9b5b43277fb8b77ee57389a0b2f5278c1e.tar.gz go-f31b7b9b5b43277fb8b77ee57389a0b2f5278c1e.zip | |
syscall: skip test if unprivileged_userns_clone sysctl is missing
The original test (CL 166460) didn't check the existence of
/proc/sys/kernel/unprivileged_userns_clone and continue the test
if the file doesn't exist.
Fixes #32459
Change-Id: Iab4938252fcaded32b61e17edf68f966c2565582
Reviewed-on: https://go-review.googlesource.com/c/go/+/180877
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
| -rw-r--r-- | src/syscall/exec_linux_test.go | 21 |
1 files changed, 11 insertions, 10 deletions
diff --git a/src/syscall/exec_linux_test.go b/src/syscall/exec_linux_test.go index 09ced3b0e0..8759775fcc 100644 --- a/src/syscall/exec_linux_test.go +++ b/src/syscall/exec_linux_test.go @@ -42,6 +42,15 @@ func skipInContainer(t *testing.T) { } } +func skipUnprivilegedUserClone(t *testing.T) { + // Skip the test if the sysctl that prevents unprivileged user + // from creating user namespaces is enabled. + data, errRead := ioutil.ReadFile("/proc/sys/kernel/unprivileged_userns_clone") + if errRead != nil || len(data) < 1 && data[0] == '0' { + t.Skip("kernel prohibits user namespace in unprivileged process") + } +} + // Check if we are in a chroot by checking if the inode of / is // different from 2 (there is no better test available to non-root on // linux). @@ -72,10 +81,7 @@ func checkUserNS(t *testing.T) { } // On some systems, there is a sysctl setting. if os.Getuid() != 0 { - data, errRead := ioutil.ReadFile("/proc/sys/kernel/unprivileged_userns_clone") - if errRead == nil && data[0] == '0' { - t.Skip("kernel prohibits user namespace in unprivileged process") - } + skipUnprivilegedUserClone(t) } // On Centos 7 make sure they set the kernel parameter user_namespace=1 // See issue 16283 and 20796. @@ -582,12 +588,7 @@ func testAmbientCaps(t *testing.T, userns bool) { t.Skip("skipping test on Kubernetes-based builders; see Issue 12815") } - // Skip the test if the sysctl that prevents unprivileged user - // from creating user namespaces is enabled. - data, errRead := ioutil.ReadFile("/proc/sys/kernel/unprivileged_userns_clone") - if errRead == nil && data[0] == '0' { - t.Skip("kernel prohibits user namespace in unprivileged process") - } + skipUnprivilegedUserClone(t) // skip on android, due to lack of lookup support if runtime.GOOS == "android" { |