Merge pull request #10505 from poettering/have-namespace

skip various test-execute tests when we have no namespacing
2018-10-24 22:00:42 +02:00 · 2018-10-24 22:00:42 +02:00 · c069e28961
parent 73f19ce1ae 5f00dc4df6
commit c069e28961
7 changed files with 68 additions and 4 deletions
--- a/src/core/execute.c
+++ b/src/core/execute.c
@ -2431,6 +2431,10 @@ static int apply_mount_namespace(
                        return 0;
                }

+                log_unit_debug(u, "Failed to set up namespace, and refusing to continue since the selected namespacing options alter mount environment non-trivially.\n"
+                               "Bind mounts: %zu, temporary filesystems: %zu, root directory: %s, root image: %s, dynamic user: %s",
+                               n_bind_mounts, context->n_temporary_filesystems, yes_no(root_dir), yes_no(root_image), yes_no(context->dynamic_user));
+
                return -EOPNOTSUPP;
        }

--- a/src/shared/tests.c
+++ b/src/shared/tests.c
@ -1,14 +1,22 @@
 /* SPDX-License-Identifier: LGPL-2.1+ */

-#include <alloc-util.h>
-#include <fs-util.h>
-#include <libgen.h>
+#include <sched.h>
+#include <signal.h>
 #include <stdlib.h>
+#include <sys/mount.h>
+#include <sys/wait.h>
 #include <util.h>

+/* When we include libgen.h because we need dirname() we immediately
+ * undefine basename() since libgen.h defines it as a macro to the POSIX
+ * version which is really broken. We prefer GNU basename(). */
+#include <libgen.h>
+#undef basename
+
 #include "alloc-util.h"
 #include "env-util.h"
 #include "fileio.h"
+#include "fs-util.h"
 #include "log.h"
 #include "path-util.h"
 #include "strv.h"
@ -108,3 +116,36 @@ int log_tests_skipped_errno(int r, const char *message) {
                         program_invocation_short_name, message);
        return EXIT_TEST_SKIP;
 }
+
+bool have_namespaces(void) {
+        siginfo_t si = {};
+        pid_t pid;
+
+        /* Checks whether namespaces are available. In some cases they aren't. We do this by calling unshare(), and we
+         * do so in a child process in order not to affect our own process. */
+
+        pid = fork();
+        assert_se(pid >= 0);
+
+        if (pid == 0) {
+                /* child */
+                if (unshare(CLONE_NEWNS) < 0)
+                        _exit(EXIT_FAILURE);
+
+                if (mount(NULL, "/", NULL, MS_SLAVE|MS_REC, NULL) < 0)
+                        _exit(EXIT_FAILURE);
+
+                _exit(EXIT_SUCCESS);
+        }
+
+        assert_se(waitid(P_PID, pid, &si, WEXITED) >= 0);
+        assert_se(si.si_code == CLD_EXITED);
+
+        if (si.si_status == EXIT_SUCCESS)
+                return true;
+
+        if (si.si_status == EXIT_FAILURE)
+                return false;
+
+        assert_not_reached("unexpected exit code");
+}
--- a/src/shared/tests.h
+++ b/src/shared/tests.h
@ -10,3 +10,5 @@ bool slow_tests_enabled(void);
 void test_setup_logging(int level);
 int log_tests_skipped(const char *message);
 int log_tests_skipped_errno(int r, const char *message);
+
+bool have_namespaces(void);
--- a/src/test/test-execute.c
+++ b/src/test/test-execute.c
@ -28,7 +28,7 @@
 #include "util.h"
 #include "virt.h"

-static bool can_unshare = true;
+static bool can_unshare;

 typedef void (*test_function_t)(Manager *m);

@ -760,6 +760,8 @@ int main(int argc, char *argv[]) {
        (void) unsetenv("LOGNAME");
        (void) unsetenv("SHELL");

+        can_unshare = have_namespaces();
+
        /* It is needed otherwise cgroup creation fails */
        if (getuid() != 0)
                return log_tests_skipped("not root");
--- a/src/test/test-namespace.c
+++ b/src/test/test-namespace.c
@ -111,6 +111,11 @@ int main(int argc, char *argv[]) {

        test_setup_logging(LOG_INFO);

+        if (!have_namespaces()) {
+                log_tests_skipped("Don't have namespace support");
+                return EXIT_TEST_SKIP;
+        }
+
        assert_se(sd_id128_get_boot(&bid) >= 0);
        sd_id128_to_string(bid, boot_id);

--- a/src/test/test-process-util.c
+++ b/src/test/test-process-util.c
@ -186,6 +186,11 @@ static void test_get_process_cmdline_harder(void) {
                return;
        }

+        if (!have_namespaces()) {
+                log_notice("Testing without namespaces, skipping %s", __func__);
+                return;
+        }
+
 #if HAVE_VALGRIND_VALGRIND_H
        /* valgrind patches open(/proc//cmdline)
         * so, test_get_process_cmdline_harder fails always
--- a/src/test/test-seccomp.c
+++ b/src/test/test-seccomp.c
@ -178,6 +178,11 @@ static void test_restrict_namespace(void) {
        unsigned long ul;
        pid_t pid;

+        if (!have_namespaces()) {
+                log_notice("Testing without namespaces, skipping %s", __func__);
+                return;
+        }
+
        log_info("/* %s */", __func__);

        assert_se(namespace_flags_to_string(0, &s) == 0 && streq(s, ""));