search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
(parent: fe00366) | patch
tests: gracefully handle AppArmor userns containment
commit59e0441d4a1198aa9d21643a6e4f370faec4ffbf
authorSimon Chopin <simon.chopin@canonical.com>
Fri, 16 Feb 2024 16:38:49 +0000 (16 17:38 +0100)
committerAdhemerval Zanella <adhemerval.zanella@linaro.org>
Fri, 23 Feb 2024 11:50:00 +0000 (23 08:50 -0300)
tree1c22c7266a3d6b69e9988775f14476c3bf30bdc5tree | snapshot (tar.gz zip)
parentfe00366b63c5cf1a84864647ec4e15721c04ebcfcommit | diff
tests: gracefully handle AppArmor userns containment

Recent AppArmor containment allows restricting unprivileged user
namespaces, which is enabled by default on recent Ubuntu systems.
When this happens, as is common with Linux Security Modules, the syscall
will fail with -EACCESS.

When that happens, the affected tests will now be considered unsupported
rather than simply failing.

Further information:

* https://gitlab.com/apparmor/apparmor/-/wikis/unprivileged_userns_restriction
* https://ubuntu.com/blog/ubuntu-23-10-restricted-unprivileged-user-namespaces
* https://manpages.ubuntu.com/manpages/jammy/man5/apparmor.d.5.html (for
  the return code)

V2:
* Fix duplicated line in check_unshare_hints
* Also handle similar failure in tst-pidfd_getpid

V3:
* Comment formatting
* Aded some more documentation on syscall return value

Signed-off-by: Simon Chopin <simon.chopin@canonical.com>
support/test-container.c diff | blob | blame | history
sysdeps/unix/sysv/linux/tst-pidfd_getpid.c diff | blob | blame | history
sources.redhat.com git mirror of glibc CVS