diff options
author | Jess Frazelle <me@jessfraz.com> | 2016-05-18 18:47:24 -0700 |
---|---|---|
committer | Ian Lance Taylor <iant@golang.org> | 2016-05-20 00:51:46 +0000 |
commit | 8527b8ef9b00c72b1a8e30e5917c7bdd3c0e79ef (patch) | |
tree | 7f1e74c5edb6ba063e80f27696de7b2a274f225f /src/syscall/exec_linux_test.go | |
parent | 448246adff7feb868d66cfde82b36fcfd0e66b75 (diff) | |
download | go-8527b8ef9b00c72b1a8e30e5917c7bdd3c0e79ef.tar.gz go-8527b8ef9b00c72b1a8e30e5917c7bdd3c0e79ef.zip |
syscall: add Unshare flags to SysProcAttr on Linux
This patch adds Unshare flags to SysProcAttr for Linux systems.
Fixes #1954
Change-Id: Id819c3f92b1474e5a06dd8d55f89d74a43eb770c
Reviewed-on: https://go-review.googlesource.com/23233
Run-TryBot: Ian Lance Taylor <iant@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
Diffstat (limited to 'src/syscall/exec_linux_test.go')
-rw-r--r-- | src/syscall/exec_linux_test.go | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/src/syscall/exec_linux_test.go b/src/syscall/exec_linux_test.go index eb32cfd4b1..ec5be107e0 100644 --- a/src/syscall/exec_linux_test.go +++ b/src/syscall/exec_linux_test.go @@ -125,3 +125,39 @@ func TestEmptyCredGroupsDisableSetgroups(t *testing.T) { t.Fatal(err) } } + +func TestUnshare(t *testing.T) { + // Make sure we are running as root so we have permissions to use unshare + // and create a network namespace. + if os.Getuid() != 0 { + t.Skip("kernel prohibits unshare in unprivileged process, unless using user namespace") + } + + // When running under the Go continuous build, skip tests for + // now when under Kubernetes. (where things are root but not quite) + // Both of these are our own environment variables. + // See Issue 12815. + if os.Getenv("GO_BUILDER_NAME") != "" && os.Getenv("IN_KUBERNETES") == "1" { + t.Skip("skipping test on Kubernetes-based builders; see Issue 12815") + } + + cmd := exec.Command("ip", "a") + cmd.SysProcAttr = &syscall.SysProcAttr{ + Unshare: syscall.CLONE_NEWNET, + } + out, err := cmd.CombinedOutput() + if err != nil { + t.Fatalf("Cmd failed with err %v, output: %s", err, out) + } + + // Check there is only the local network interface + sout := strings.TrimSpace(string(out)) + if !strings.Contains(sout, "lo") { + t.Fatalf("Expected lo network interface to exist, got %s", sout) + } + + lines := strings.Split(sout, "\n") + if len(lines) != 2 { + t.Fatalf("Expected 2 lines of output, got %d", len(lines)) + } +} |