
tests: do not run sysctl -w kernel.unprivileged_userns_clone=1 as its the default value since linux 5.10.1 (Dec 2020)

main
parent
commit
98aef0d023
Signed by: josch
GPG Key ID: F2CBA5C78FBD83E1
  1. 1
      tests/as-debootstrap-unshare-wrapper
  2. 4
      tests/auto-mode-without-unshare-capabilities
  3. 1
      tests/check-for-bit-by-bit-identical-format-output
  4. 7
      tests/create-arm64-tarball
  5. 1
      tests/create-gzip-compressed-tarball
  6. 7
      tests/create-tarball-dry-run
  7. 1
      tests/custom-tmpdir
  8. 1
      tests/cwd-directory-not-accessible-by-unshared-user
  9. 1
      tests/fail-without-etc-subuid
  10. 1
      tests/fail-without-username-in-etc-subuid
  11. 1
      tests/jessie-or-older
  12. 1
      tests/missing-dev-sys-proc-inside-the-chroot
  13. 1
      tests/missing-device-nodes-outside-the-chroot
  14. 1
      tests/root-mode-inside-unshare-chroot
  15. 7
      tests/special-hooks-with-mode-mode
  16. 1
      tests/tarfilter-idshift
  17. 7
      tests/unpack-doc-debian

1
tests/as-debootstrap-unshare-wrapper

@ -6,7 +6,6 @@ if [ ! -e /mmdebstrap-testenv ]; then @@ -6,7 +6,6 @@ if [ ! -e /mmdebstrap-testenv ]; then
echo "this test modifies the system and should only be run inside a container" >&2
exit 1
fi
sysctl -w kernel.unprivileged_userns_clone=1
useradd --home-dir /home/user --create-home user
runuser -u user -- {{ CMD }} --variant=custom --mode=unshare --setup-hook='env container=lxc debootstrap unstable "$1" {{ MIRROR }}' - /tmp/debian-mm.tar {{ MIRROR }}

4
tests/auto-mode-without-unshare-capabilities

@ -6,7 +6,9 @@ if [ ! -e /mmdebstrap-testenv ]; then @@ -6,7 +6,9 @@ if [ ! -e /mmdebstrap-testenv ]; then
exit 1
fi
useradd --home-dir /home/user --create-home user
sysctl -w kernel.unprivileged_userns_clone=0
if [ -e /proc/sys/kernel/unprivileged_userns_clone ] && [ "$(sysctl -n kernel.unprivileged_userns_clone)" = "1" ]; then
sysctl -w kernel.unprivileged_userns_clone=0
fi
runuser -u user -- {{ CMD }} --mode=auto --variant=apt {{ DIST }} /tmp/debian-chroot.tar.gz {{ MIRROR }}
tar -tf /tmp/debian-chroot.tar.gz | sort | diff -u tar1.txt -
rm /tmp/debian-chroot.tar.gz
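Review bot: When `/proc/sys/kernel/unprivileged_userns_clone` does not exist, the guard skips the `sysctl -w kernel.unprivileged_userns_clone=0` call and leaves unprivileged user namespaces enabled. On a kernel without this distribution-patched knob, the `--mode=auto` run that follows would presumably still find unshare usable, so the test could pass without exercising the case its name describes. The page does not mark which lines are old and which are new; going by the commit title, the unconditional `sysctl -w` is the old line and the `if … fi` block is the new one. Consider making the missing-knob case explicit, either with a fallback such as `elif [ ! -e /proc/sys/kernel/unprivileged_userns_clone ]; then sysctl -w user.max_user_namespaces=0` (if disabling user namespaces for every user is acceptable in the test environment) or by exiting with a message on stderr that unprivileged user namespaces cannot be disabled on this kernel. A comment above the guard, e.g. `# knob only exists on patched kernels; skip the write when it is absent or already 0`, would record why the write is conditional.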

1
tests/check-for-bit-by-bit-identical-format-output

@ -6,7 +6,6 @@ if [ ! -e /mmdebstrap-testenv ]; then @@ -6,7 +6,6 @@ if [ ! -e /mmdebstrap-testenv ]; then
exit 1
fi
useradd --home-dir /home/user --create-home user
sysctl -w kernel.unprivileged_userns_clone=1
export SOURCE_DATE_EPOCH={{ SOURCE_DATE_EPOCH }}
{{ CMD }} --mode=root --variant={{ VARIANT }} {{ DIST }} /tmp/debian-chroot-root.{{ FORMAT }} {{ MIRROR }}
if [ "{{ FORMAT }}" = tar ]; then

7
tests/create-arm64-tarball

@ -8,13 +8,6 @@ if [ "$(id -u)" -eq 0 ] && ! id -u user > /dev/null 2>&1; then @@ -8,13 +8,6 @@ if [ "$(id -u)" -eq 0 ] && ! id -u user > /dev/null 2>&1; then
fi
useradd --home-dir /home/user --create-home user
fi
if [ "{{ MODE }}" = unshare ]; then
if [ ! -e /mmdebstrap-testenv ]; then
echo "this test modifies the system and should only be run inside a container" >&2
exit 1
fi
sysctl -w kernel.unprivileged_userns_clone=1
fi
prefix=
[ "$(id -u)" -eq 0 ] && [ "{{ MODE }}" != "root" ] && prefix="runuser -u user --"
[ "{{ MODE }}" = "fakechroot" ] && prefix="$prefix fakechroot fakeroot"

1
tests/create-gzip-compressed-tarball

@ -6,7 +6,6 @@ if [ ! -e /mmdebstrap-testenv ]; then @@ -6,7 +6,6 @@ if [ ! -e /mmdebstrap-testenv ]; then
exit 1
fi
useradd --home-dir /home/user --create-home user
sysctl -w kernel.unprivileged_userns_clone=1
runuser -u user -- {{ CMD }} --mode=unshare --variant=apt {{ DIST }} /tmp/debian-chroot.tar.gz {{ MIRROR }}
printf '\037\213\010' | cmp --bytes=3 /tmp/debian-chroot.tar.gz -
tar -tf /tmp/debian-chroot.tar.gz | sort | diff -u tar1.txt -

7
tests/create-tarball-dry-run

@ -16,13 +16,6 @@ if [ "$(id -u)" -eq 0 ] && [ "{{ MODE }}" != root ] && [ "{{ MODE }}" != auto ]; @@ -16,13 +16,6 @@ if [ "$(id -u)" -eq 0 ] && [ "{{ MODE }}" != root ] && [ "{{ MODE }}" != auto ];
fi
useradd --home-dir /home/user --create-home user
fi
if [ "{{ MODE }}" = unshare ]; then
if [ ! -e /mmdebstrap-testenv ]; then
echo "this test modifies the system and should only be run inside a container" >&2
exit 1
fi
sysctl -w kernel.unprivileged_userns_clone=1
fi
prefix="runuser -u user --"
if [ "{{ VARIANT }}" = extract ] || [ "{{ VARIANT }}" = custom ]; then
include="$(tr '\n' ',' < pkglist.txt)"

1
tests/custom-tmpdir

@ -8,7 +8,6 @@ fi @@ -8,7 +8,6 @@ fi
# https://www.etalabs.net/sh_tricks.html
quote () { printf %s\\n "$1" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/'/" ; }
useradd --home-dir /home/user --create-home user
sysctl -w kernel.unprivileged_userns_clone=1
homedir=$(runuser -u user -- sh -c 'cd && pwd')
# apt:test/integration/test-apt-key
TMPDIR_ADD="This is fü\$\$ing cràzy, \$(apt -v)\$!"

1
tests/cwd-directory-not-accessible-by-unshared-user

@ -6,7 +6,6 @@ if [ ! -e /mmdebstrap-testenv ]; then @@ -6,7 +6,6 @@ if [ ! -e /mmdebstrap-testenv ]; then
exit 1
fi
useradd --home-dir /home/user --create-home user
sysctl -w kernel.unprivileged_userns_clone=1
mkdir /tmp/debian-chroot
chmod 700 /tmp/debian-chroot
chown user:user /tmp/debian-chroot

1
tests/fail-without-etc-subuid

@ -6,7 +6,6 @@ if [ ! -e /mmdebstrap-testenv ]; then @@ -6,7 +6,6 @@ if [ ! -e /mmdebstrap-testenv ]; then
exit 1
fi
useradd --home-dir /home/user --create-home user
sysctl -w kernel.unprivileged_userns_clone=1
rm /etc/subuid
ret=0
runuser -u user -- {{ CMD }} --mode=unshare --variant=apt {{ DIST }} /tmp/debian-chroot {{ MIRROR }} || ret=$?

1
tests/fail-without-username-in-etc-subuid

@ -6,7 +6,6 @@ if [ ! -e /mmdebstrap-testenv ]; then @@ -6,7 +6,6 @@ if [ ! -e /mmdebstrap-testenv ]; then
exit 1
fi
useradd --home-dir /home/user --create-home user
sysctl -w kernel.unprivileged_userns_clone=1
awk -F: '$1!="user"' /etc/subuid > /etc/subuid.tmp
mv /etc/subuid.tmp /etc/subuid
ret=0

1
tests/jessie-or-older

@ -6,7 +6,6 @@ if [ ! -e /mmdebstrap-testenv ]; then @@ -6,7 +6,6 @@ if [ ! -e /mmdebstrap-testenv ]; then
exit 1
fi
useradd --home-dir /home/user --create-home user
sysctl -w kernel.unprivileged_userns_clone=1
export SOURCE_DATE_EPOCH={{ SOURCE_DATE_EPOCH }}
filter() {

1
tests/missing-dev-sys-proc-inside-the-chroot

@ -6,5 +6,4 @@ if [ ! -e /mmdebstrap-testenv ]; then @@ -6,5 +6,4 @@ if [ ! -e /mmdebstrap-testenv ]; then
exit 1
fi
useradd --home-dir /home/user --create-home user
sysctl -w kernel.unprivileged_userns_clone=1
runuser -u user -- {{ CMD }} --mode=unshare --variant=custom --include=dpkg,dash,diffutils,coreutils,libc-bin,sed {{ DIST }} /dev/null {{ MIRROR }}

1
tests/missing-device-nodes-outside-the-chroot

@ -7,7 +7,6 @@ if [ ! -e /mmdebstrap-testenv ]; then @@ -7,7 +7,6 @@ if [ ! -e /mmdebstrap-testenv ]; then
fi
rm /dev/console
useradd --home-dir /home/user --create-home user
sysctl -w kernel.unprivileged_userns_clone=1
runuser -u user -- {{ CMD }} --mode=unshare --variant=apt {{ DIST }} /tmp/debian-chroot.tar {{ MIRROR }}
tar -tf /tmp/debian-chroot.tar | sort | diff -u tar1.txt -
rm /tmp/debian-chroot.tar

1
tests/root-mode-inside-unshare-chroot

@ -11,7 +11,6 @@ if [ ! -e /mmdebstrap-testenv ]; then @@ -11,7 +11,6 @@ if [ ! -e /mmdebstrap-testenv ]; then
fi
[ "$(whoami)" = "root" ]
useradd --home-dir /home/user --create-home user
sysctl -w kernel.unprivileged_userns_clone=1
cat << 'SCRIPT' > script.sh
#!/bin/sh
set -eu

7
tests/special-hooks-with-mode-mode

@ -8,13 +8,6 @@ if [ "$(id -u)" -eq 0 ] && ! id -u user > /dev/null 2>&1; then @@ -8,13 +8,6 @@ if [ "$(id -u)" -eq 0 ] && ! id -u user > /dev/null 2>&1; then
fi
useradd --home-dir /home/user --create-home user
fi
if [ "{{ MODE }}" = unshare ]; then
if [ ! -e /mmdebstrap-testenv ]; then
echo "this test modifies the system and should only be run inside a container" >&2
exit 1
fi
sysctl -w kernel.unprivileged_userns_clone=1
fi
prefix=
[ "$(id -u)" -eq 0 ] && [ "{{ MODE }}" != "root" ] && prefix="runuser -u user --"
[ "{{ MODE }}" = "fakechroot" ] && prefix="$prefix fakechroot fakeroot"

1
tests/tarfilter-idshift

@ -9,7 +9,6 @@ trap "rm -f /tmp/debian-chroot.tar /tmp/debian-chroot-shifted.tar /tmp/debian-ch @@ -9,7 +9,6 @@ trap "rm -f /tmp/debian-chroot.tar /tmp/debian-chroot-shifted.tar /tmp/debian-ch
useradd --home-dir /home/user --create-home user
echo user:100000:65536 | cmp /etc/subuid -
echo user:100000:65536 | cmp /etc/subgid -
sysctl -w kernel.unprivileged_userns_clone=1
# include iputils-ping so that we can verify that tarfilter does not remove
# extended attributes
# run through tarshift no-op to create a tarball that should be bit-by-bit

7
tests/unpack-doc-debian

@ -8,13 +8,6 @@ if [ "$(id -u)" -eq 0 ] && ! id -u user > /dev/null 2>&1; then @@ -8,13 +8,6 @@ if [ "$(id -u)" -eq 0 ] && ! id -u user > /dev/null 2>&1; then
fi
useradd --home-dir /home/user --create-home user
fi
if [ "{{ MODE }}" = unshare ]; then
if [ ! -e /mmdebstrap-testenv ]; then
echo "this test modifies the system and should only be run inside a container" >&2
exit 1
fi
sysctl -w kernel.unprivileged_userns_clone=1
fi
prefix=
[ "$(id -u)" -eq 0 ] && [ "{{ MODE }}" != "root" ] && prefix="runuser -u user --"
[ "{{ MODE }}" = "fakechroot" ] && prefix="$prefix fakechroot fakeroot"
