tests: containers: Skip if setgroups file does not exist.
Fixes bug #21226.

Linux 3.19 introduced a fix for a security vulnerability in user namespaces. This fix introduced a new proc file called 'setgroups' and was backported to many older kernels. However, some users run a kernel that is new enough to support user namespaces yet old enough to not include the patch, so we must skip the tests.

* tests/containers.scm: Skip all tests if /proc/self/setgroups does not exist.
parent
7549f98415
commit
bc459b617f
1 changed files with 4 additions and 2 deletions
|
@ -26,8 +26,10 @@
|
||||||
(define (assert-exit x)
|
(define (assert-exit x)
|
||||||
(primitive-exit (if x 0 1)))
|
(primitive-exit (if x 0 1)))
|
||||||
|
|
||||||
;; Skip these tests unless user namespaces are available.
|
;; Skip these tests unless user namespaces are available and the setgroups
|
||||||
(unless (file-exists? "/proc/self/ns/user")
|
;; file (introduced in Linux 3.19 to address a security issue) exists.
|
||||||
|
(unless (and (file-exists? "/proc/self/ns/user")
|
||||||
|
(file-exists? "/proc/self/setgroups"))
|
||||||
(exit 77))
|
(exit 77))
|
||||||
|
|
||||||
(test-begin "containers")
|
(test-begin "containers")
|
||||||
|
|
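Review bot: The new guard `(unless (and (file-exists? "/proc/self/ns/user") (file-exists? "/proc/self/setgroups")) (exit 77))` skips the whole file silently, so a skipped run does not say which of the two preconditions was missing. Since a missing /proc/self/setgroups means the kernel lacks the user-namespace security fix described in the commit message, that case is worth surfacing to whoever runs the suite: consider printing a short message to the error port before `(exit 77)` that names the missing file. The updated comment could also cite bug #21226 so that a reader of tests/containers.scm can find the rationale without going through the commit log.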