From 0d482b382481734b430621c08cad58e20faf8aa8 Mon Sep 17 00:00:00 2001
From: Jess Frazelle <me@jessfraz.com>
Date: Mon, 17 Jul 2017 13:51:37 -0400
Subject: syscall: update check for UserNS support for centos 7

Fixes #20796
Fixes #16283

Change-Id: Ib11992fbd2bc1fbb3b14ae5a6bf0da2e4c12f641
Reviewed-on: https://go-review.googlesource.com/49311
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
---
 src/syscall/exec_linux_test.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/syscall/exec_linux_test.go b/src/syscall/exec_linux_test.go
index 5c7d8a29c1..114deec5bb 100644
--- a/src/syscall/exec_linux_test.go
+++ b/src/syscall/exec_linux_test.go
@@ -57,6 +57,14 @@ func checkUserNS(t *testing.T) {
 			t.Skip("kernel prohibits user namespace in unprivileged process")
 		}
 	}
+	// On Centos 7 make sure they set the kernel parameter user_namespace=1
+	// See issue 16283 and 20796.
+	if _, err := os.Stat("/sys/module/user_namespace/parameters/enable"); err == nil {
+		buf, _ := ioutil.ReadFile("/sys/module/user_namespace/parameters/enabled")
+		if !strings.HasPrefix(string(buf), "Y") {
+			t.Skip("kernel doesn't support user namespaces")
+		}
+	}
 	// When running under the Go continuous build, skip tests for
 	// now when under Kubernetes. (where things are root but not quite)
 	// Both of these are our own environment variables.
-- 
cgit v1.2.3-54-g00ecf