Browse code
Update UserNamespaceInKernel test requirement to handle redhat
On redhat based distribution, checking that USER_NS is compiled in the
kernel is not sufficient, we also have to check that the feature as
been enabled.
With this commit, it is now done by checking the content of
`/sys/module/user_namespace/parameters/enable`.
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
Kenfe-Mickael Laventure authored on 2016/03/10 04:20:41Showing 2 changed files
| ... | ... |
@@ -20,7 +20,7 @@ import ( |
| 20 | 20 |
// 1. validate uid/gid maps are set properly |
| 21 | 21 |
// 2. verify that files created are owned by remapped root |
| 22 | 22 |
func (s *DockerDaemonSuite) TestDaemonUserNamespaceRootSetting(c *check.C) {
|
| 23 |
- testRequires(c, DaemonIsLinux, SameHostDaemon) |
|
| 23 |
+ testRequires(c, DaemonIsLinux, SameHostDaemon, UserNamespaceInKernel) |
|
| 24 | 24 |
|
| 25 | 25 |
c.Assert(s.d.StartWithBusybox("--userns-remap", "default"), checker.IsNil)
|
| 26 | 26 |
|
| ... | ... |
@@ -149,9 +149,20 @@ var ( |
| 149 | 149 |
*/ |
| 150 | 150 |
return false |
| 151 | 151 |
} |
| 152 |
+ |
|
| 153 |
+ // We need extra check on redhat based distributions |
|
| 154 |
+ if f, err := os.Open("/sys/module/user_namespace/parameters/enable"); err == nil {
|
|
| 155 |
+ b := make([]byte, 1) |
|
| 156 |
+ _, _ = f.Read(b) |
|
| 157 |
+ if string(b) == "N" {
|
|
| 158 |
+ return false |
|
| 159 |
+ } |
|
| 160 |
+ return true |
|
| 161 |
+ } |
|
| 162 |
+ |
|
| 152 | 163 |
return true |
| 153 | 164 |
}, |
| 154 |
- "Kernel must have user namespaces configured.", |
|
| 165 |
+ "Kernel must have user namespaces configured and enabled.", |
|
| 155 | 166 |
} |
| 156 | 167 |
NotUserNamespace = testRequirement{
|
| 157 | 168 |
func() bool {
|