GitList

Browse code

fix centos when userns not in kernel

Signed-off-by: Jessica Frazelle <acidburn@docker.com>

Jessica Frazelle authored on 2016/03/03 09:58:49
Showing 2 changed files

integration-cli/docker_cli_run_unix_test.go index 173f6b5..6347652 100644
integration-cli/requirements.go index ff7ffd0..6b89494 100644

integration-cli/docker_cli_run_unix_test.go

@@ -817,7 +817,7 @@ func (s *DockerSuite) TestRunSeccompProfileDenyCloneUserns(c *check.C) {
                      // TestRunSeccompUnconfinedCloneUserns checks that
                      // 'docker run --security-opt seccomp:unconfined syscall-test' allows creating a userns.
                      func (s *DockerSuite) TestRunSeccompUnconfinedCloneUserns(c *check.C) {
                     -	testRequires(c, SameHostDaemon, seccompEnabled, NotUserNamespace)
                     +	testRequires(c, SameHostDaemon, seccompEnabled, UserNamespaceInKernel, NotUserNamespace)
                      	// make sure running w privileged is ok
                      	runCmd := exec.Command(dockerBinary, "run", "--security-opt", "seccomp:unconfined", "syscall-test", "userns-test", "id")
@@ -829,7 +829,7 @@ func (s *DockerSuite) TestRunSeccompUnconfinedCloneUserns(c *check.C) {
                      // TestRunSeccompAllowPrivCloneUserns checks that 'docker run --privileged syscall-test'
                      // allows creating a userns.
                      func (s *DockerSuite) TestRunSeccompAllowPrivCloneUserns(c *check.C) {
                     -	testRequires(c, SameHostDaemon, seccompEnabled, NotUserNamespace)
                     +	testRequires(c, SameHostDaemon, seccompEnabled, UserNamespaceInKernel, NotUserNamespace)
                      	// make sure running w privileged is ok
                      	runCmd := exec.Command(dockerBinary, "run", "--privileged", "syscall-test", "userns-test", "id")

integration-cli/requirements.go

History View file @ 7ab696f

@@ -140,6 +140,19 @@ var (
                      		},
                      		"Test requires native Golang compiler instead of GCCGO",
+                     	}
                     +	UserNamespaceInKernel = testRequirement{
                     +		func() bool {
                     +			if _, err := os.Stat("/proc/self/uid_map"); os.IsNotExist(err) {
                     +				/*
                     +				 * This kernel-provided file only exists if user namespaces are
                     +				 * supported
                     +				 */
                     +				return false
                     +			}
                     +			return true
                     +		},
                     +		"Kernel must have user namespaces configured.",
                     +	}
                      	NotUserNamespace = testRequirement{
                      		func() bool {
                      			root := os.Getenv("DOCKER_REMAP_ROOT")