tests: do not run sysctl -w kernel.unprivileged_userns_clone=1 as its the default value since linux 5.10.1 (Dec 2020)

tests/as-debootstrap-unshare-wrapper

@@ -6,7 +6,6 @@ if [ ! -e /mmdebstrap-testenv ]; then
 	echo "this test modifies the system and should only be run inside a container" >&2
 	exit 1
 fi
-sysctl -w kernel.unprivileged_userns_clone=1
 useradd --home-dir /home/user --create-home user
 runuser -u user -- {{ CMD }} --variant=custom --mode=unshare --setup-hook='env container=lxc debootstrap unstable "$1" {{ MIRROR }}' - /tmp/debian-mm.tar {{ MIRROR }}
 

tests/auto-mode-without-unshare-capabilities

@@ -6,7 +6,9 @@ if [ ! -e /mmdebstrap-testenv ]; then
 	exit 1
 fi
 useradd --home-dir /home/user --create-home user
-sysctl -w kernel.unprivileged_userns_clone=0
+if [ -e /proc/sys/kernel/unprivileged_userns_clone ] && [ "$(sysctl -n kernel.unprivileged_userns_clone)" = "1" ]; then
+	sysctl -w kernel.unprivileged_userns_clone=0
+fi
 runuser -u user -- {{ CMD }} --mode=auto --variant=apt {{ DIST }} /tmp/debian-chroot.tar.gz {{ MIRROR }}
 tar -tf /tmp/debian-chroot.tar.gz | sort | diff -u tar1.txt -
 rm /tmp/debian-chroot.tar.gz

tests/check-for-bit-by-bit-identical-format-output

@@ -6,7 +6,6 @@ if [ ! -e /mmdebstrap-testenv ]; then
 	exit 1
 fi
 useradd --home-dir /home/user --create-home user
-sysctl -w kernel.unprivileged_userns_clone=1
 export SOURCE_DATE_EPOCH={{ SOURCE_DATE_EPOCH }}
 {{ CMD }} --mode=root --variant={{ VARIANT }} {{ DIST }} /tmp/debian-chroot-root.{{ FORMAT }} {{ MIRROR }}
 if [ "{{ FORMAT }}" = tar ]; then

tests/create-arm64-tarball

@@ -8,13 +8,6 @@ if [ "$(id -u)" -eq 0 ] && ! id -u user > /dev/null 2>&1; then
 	fi
 	useradd --home-dir /home/user --create-home user
 fi
-if [ "{{ MODE }}" = unshare ]; then
-	if [ ! -e /mmdebstrap-testenv ]; then
-		echo "this test modifies the system and should only be run inside a container" >&2
-		exit 1
-	fi
-	sysctl -w kernel.unprivileged_userns_clone=1
-fi
 prefix=
 [ "$(id -u)" -eq 0 ] && [ "{{ MODE }}" != "root" ] && prefix="runuser -u user --"
 [ "{{ MODE }}" = "fakechroot" ] && prefix="$prefix fakechroot fakeroot"

tests/create-gzip-compressed-tarball

@@ -6,7 +6,6 @@ if [ ! -e /mmdebstrap-testenv ]; then
 	exit 1
 fi
 useradd --home-dir /home/user --create-home user
-sysctl -w kernel.unprivileged_userns_clone=1
 runuser -u user -- {{ CMD }} --mode=unshare --variant=apt {{ DIST }} /tmp/debian-chroot.tar.gz {{ MIRROR }}
 printf '\037\213\010' | cmp --bytes=3 /tmp/debian-chroot.tar.gz -
 tar -tf /tmp/debian-chroot.tar.gz | sort | diff -u tar1.txt -

tests/create-tarball-dry-run

@@ -16,13 +16,6 @@ if [ "$(id -u)" -eq 0 ] && [ "{{ MODE }}" != root ] && [ "{{ MODE }}" != auto ];
 		fi
 		useradd --home-dir /home/user --create-home user
 	fi
-	if [ "{{ MODE }}" = unshare ]; then
-		if [ ! -e /mmdebstrap-testenv ]; then
-			echo "this test modifies the system and should only be run inside a container" >&2
-			exit 1
-		fi
-		sysctl -w kernel.unprivileged_userns_clone=1
-	fi
 	prefix="runuser -u user --"
 	if [ "{{ VARIANT }}" = extract ] || [ "{{ VARIANT }}" = custom ]; then
 		include="$(tr '\n' ',' < pkglist.txt)"

tests/custom-tmpdir

@@ -8,7 +8,6 @@ fi
 # https://www.etalabs.net/sh_tricks.html
 quote () { printf %s\\n "$1" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/'/" ; }
 useradd --home-dir /home/user --create-home user
-sysctl -w kernel.unprivileged_userns_clone=1
 homedir=$(runuser -u user -- sh -c 'cd && pwd')
 # apt:test/integration/test-apt-key
 TMPDIR_ADD="This is fü\$\$ing cràzy, \$(apt -v)\$!"

tests/cwd-directory-not-accessible-by-unshared-user

@@ -6,7 +6,6 @@ if [ ! -e /mmdebstrap-testenv ]; then
 	exit 1
 fi
 useradd --home-dir /home/user --create-home user
-sysctl -w kernel.unprivileged_userns_clone=1
 mkdir /tmp/debian-chroot
 chmod 700 /tmp/debian-chroot
 chown user:user /tmp/debian-chroot

tests/fail-without-etc-subuid

@@ -6,7 +6,6 @@ if [ ! -e /mmdebstrap-testenv ]; then
 	exit 1
 fi
 useradd --home-dir /home/user --create-home user
-sysctl -w kernel.unprivileged_userns_clone=1
 rm /etc/subuid
 ret=0
 runuser -u user -- {{ CMD }} --mode=unshare --variant=apt {{ DIST }} /tmp/debian-chroot {{ MIRROR }} || ret=$?

tests/fail-without-username-in-etc-subuid

@@ -6,7 +6,6 @@ if [ ! -e /mmdebstrap-testenv ]; then
 	exit 1
 fi
 useradd --home-dir /home/user --create-home user
-sysctl -w kernel.unprivileged_userns_clone=1
 awk -F: '$1!="user"' /etc/subuid > /etc/subuid.tmp
 mv /etc/subuid.tmp /etc/subuid
 ret=0

tests/jessie-or-older

@@ -6,7 +6,6 @@ if [ ! -e /mmdebstrap-testenv ]; then
 	exit 1
 fi
 useradd --home-dir /home/user --create-home user
-sysctl -w kernel.unprivileged_userns_clone=1
 export SOURCE_DATE_EPOCH={{ SOURCE_DATE_EPOCH }}
 
 filter() {

tests/missing-dev-sys-proc-inside-the-chroot

@@ -6,5 +6,4 @@ if [ ! -e /mmdebstrap-testenv ]; then
 	exit 1
 fi
 useradd --home-dir /home/user --create-home user
-sysctl -w kernel.unprivileged_userns_clone=1
 runuser -u user -- {{ CMD }} --mode=unshare --variant=custom --include=dpkg,dash,diffutils,coreutils,libc-bin,sed {{ DIST }} /dev/null {{ MIRROR }}

tests/missing-device-nodes-outside-the-chroot

@@ -7,7 +7,6 @@ if [ ! -e /mmdebstrap-testenv ]; then
 fi
 rm /dev/console
 useradd --home-dir /home/user --create-home user
-sysctl -w kernel.unprivileged_userns_clone=1
 runuser -u user -- {{ CMD }} --mode=unshare --variant=apt {{ DIST }} /tmp/debian-chroot.tar {{ MIRROR }}
 tar -tf /tmp/debian-chroot.tar | sort | diff -u tar1.txt -
 rm /tmp/debian-chroot.tar

tests/root-mode-inside-unshare-chroot

@@ -11,7 +11,6 @@ if [ ! -e /mmdebstrap-testenv ]; then
 fi
 [ "$(whoami)" = "root" ]
 useradd --home-dir /home/user --create-home user
-sysctl -w kernel.unprivileged_userns_clone=1
 cat << 'SCRIPT' > script.sh
 #!/bin/sh
 set -eu

tests/special-hooks-with-mode-mode

@@ -8,13 +8,6 @@ if [ "$(id -u)" -eq 0 ] && ! id -u user > /dev/null 2>&1; then
 	fi
 	useradd --home-dir /home/user --create-home user
 fi
-if [ "{{ MODE }}" = unshare ]; then
-	if [ ! -e /mmdebstrap-testenv ]; then
-		echo "this test modifies the system and should only be run inside a container" >&2
-		exit 1
-	fi
-	sysctl -w kernel.unprivileged_userns_clone=1
-fi
 prefix=
 [ "$(id -u)" -eq 0 ] && [ "{{ MODE }}" != "root" ] && prefix="runuser -u user --"
 [ "{{ MODE }}" = "fakechroot" ] && prefix="$prefix fakechroot fakeroot"

tests/tarfilter-idshift

@@ -9,7 +9,6 @@ trap "rm -f /tmp/debian-chroot.tar /tmp/debian-chroot-shifted.tar /tmp/debian-ch
 useradd --home-dir /home/user --create-home user
 echo user:100000:65536 | cmp /etc/subuid -
 echo user:100000:65536 | cmp /etc/subgid -
-sysctl -w kernel.unprivileged_userns_clone=1
 # include iputils-ping so that we can verify that tarfilter does not remove
 # extended attributes
 # run through tarshift no-op to create a tarball that should be bit-by-bit

tests/unpack-doc-debian

@@ -8,13 +8,6 @@ if [ "$(id -u)" -eq 0 ] && ! id -u user > /dev/null 2>&1; then
 	fi
 	useradd --home-dir /home/user --create-home user
 fi
-if [ "{{ MODE }}" = unshare ]; then
-	if [ ! -e /mmdebstrap-testenv ]; then
-		echo "this test modifies the system and should only be run inside a container" >&2
-		exit 1
-	fi
-	sysctl -w kernel.unprivileged_userns_clone=1
-fi
 prefix=
 [ "$(id -u)" -eq 0 ] && [ "{{ MODE }}" != "root" ] && prefix="runuser -u user --"
 [ "{{ MODE }}" = "fakechroot" ] && prefix="$prefix fakechroot fakeroot"