tests: do not run sysctl -w kernel.unprivileged_userns_clone=1 as its the default value since linux 5.10.1 (Dec 2020)
This commit is contained in:
parent
4a77fc76a8
commit
98aef0d023
17 changed files with 3 additions and 41 deletions
|
@ -6,7 +6,6 @@ if [ ! -e /mmdebstrap-testenv ]; then
|
||||||
echo "this test modifies the system and should only be run inside a container" >&2
|
echo "this test modifies the system and should only be run inside a container" >&2
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
sysctl -w kernel.unprivileged_userns_clone=1
|
|
||||||
useradd --home-dir /home/user --create-home user
|
useradd --home-dir /home/user --create-home user
|
||||||
runuser -u user -- {{ CMD }} --variant=custom --mode=unshare --setup-hook='env container=lxc debootstrap unstable "$1" {{ MIRROR }}' - /tmp/debian-mm.tar {{ MIRROR }}
|
runuser -u user -- {{ CMD }} --variant=custom --mode=unshare --setup-hook='env container=lxc debootstrap unstable "$1" {{ MIRROR }}' - /tmp/debian-mm.tar {{ MIRROR }}
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,9 @@ if [ ! -e /mmdebstrap-testenv ]; then
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
useradd --home-dir /home/user --create-home user
|
useradd --home-dir /home/user --create-home user
|
||||||
sysctl -w kernel.unprivileged_userns_clone=0
|
if [ -e /proc/sys/kernel/unprivileged_userns_clone ] && [ "$(sysctl -n kernel.unprivileged_userns_clone)" = "1" ]; then
|
||||||
|
sysctl -w kernel.unprivileged_userns_clone=0
|
||||||
|
fi
|
||||||
runuser -u user -- {{ CMD }} --mode=auto --variant=apt {{ DIST }} /tmp/debian-chroot.tar.gz {{ MIRROR }}
|
runuser -u user -- {{ CMD }} --mode=auto --variant=apt {{ DIST }} /tmp/debian-chroot.tar.gz {{ MIRROR }}
|
||||||
tar -tf /tmp/debian-chroot.tar.gz | sort | diff -u tar1.txt -
|
tar -tf /tmp/debian-chroot.tar.gz | sort | diff -u tar1.txt -
|
||||||
rm /tmp/debian-chroot.tar.gz
|
rm /tmp/debian-chroot.tar.gz
|
||||||
|
|
|
@ -6,7 +6,6 @@ if [ ! -e /mmdebstrap-testenv ]; then
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
useradd --home-dir /home/user --create-home user
|
useradd --home-dir /home/user --create-home user
|
||||||
sysctl -w kernel.unprivileged_userns_clone=1
|
|
||||||
export SOURCE_DATE_EPOCH={{ SOURCE_DATE_EPOCH }}
|
export SOURCE_DATE_EPOCH={{ SOURCE_DATE_EPOCH }}
|
||||||
{{ CMD }} --mode=root --variant={{ VARIANT }} {{ DIST }} /tmp/debian-chroot-root.{{ FORMAT }} {{ MIRROR }}
|
{{ CMD }} --mode=root --variant={{ VARIANT }} {{ DIST }} /tmp/debian-chroot-root.{{ FORMAT }} {{ MIRROR }}
|
||||||
if [ "{{ FORMAT }}" = tar ]; then
|
if [ "{{ FORMAT }}" = tar ]; then
|
||||||
|
|
|
@ -8,13 +8,6 @@ if [ "$(id -u)" -eq 0 ] && ! id -u user > /dev/null 2>&1; then
|
||||||
fi
|
fi
|
||||||
useradd --home-dir /home/user --create-home user
|
useradd --home-dir /home/user --create-home user
|
||||||
fi
|
fi
|
||||||
if [ "{{ MODE }}" = unshare ]; then
|
|
||||||
if [ ! -e /mmdebstrap-testenv ]; then
|
|
||||||
echo "this test modifies the system and should only be run inside a container" >&2
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
sysctl -w kernel.unprivileged_userns_clone=1
|
|
||||||
fi
|
|
||||||
prefix=
|
prefix=
|
||||||
[ "$(id -u)" -eq 0 ] && [ "{{ MODE }}" != "root" ] && prefix="runuser -u user --"
|
[ "$(id -u)" -eq 0 ] && [ "{{ MODE }}" != "root" ] && prefix="runuser -u user --"
|
||||||
[ "{{ MODE }}" = "fakechroot" ] && prefix="$prefix fakechroot fakeroot"
|
[ "{{ MODE }}" = "fakechroot" ] && prefix="$prefix fakechroot fakeroot"
|
||||||
|
|
|
@ -6,7 +6,6 @@ if [ ! -e /mmdebstrap-testenv ]; then
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
useradd --home-dir /home/user --create-home user
|
useradd --home-dir /home/user --create-home user
|
||||||
sysctl -w kernel.unprivileged_userns_clone=1
|
|
||||||
runuser -u user -- {{ CMD }} --mode=unshare --variant=apt {{ DIST }} /tmp/debian-chroot.tar.gz {{ MIRROR }}
|
runuser -u user -- {{ CMD }} --mode=unshare --variant=apt {{ DIST }} /tmp/debian-chroot.tar.gz {{ MIRROR }}
|
||||||
printf '\037\213\010' | cmp --bytes=3 /tmp/debian-chroot.tar.gz -
|
printf '\037\213\010' | cmp --bytes=3 /tmp/debian-chroot.tar.gz -
|
||||||
tar -tf /tmp/debian-chroot.tar.gz | sort | diff -u tar1.txt -
|
tar -tf /tmp/debian-chroot.tar.gz | sort | diff -u tar1.txt -
|
||||||
|
|
|
@ -16,13 +16,6 @@ if [ "$(id -u)" -eq 0 ] && [ "{{ MODE }}" != root ] && [ "{{ MODE }}" != auto ];
|
||||||
fi
|
fi
|
||||||
useradd --home-dir /home/user --create-home user
|
useradd --home-dir /home/user --create-home user
|
||||||
fi
|
fi
|
||||||
if [ "{{ MODE }}" = unshare ]; then
|
|
||||||
if [ ! -e /mmdebstrap-testenv ]; then
|
|
||||||
echo "this test modifies the system and should only be run inside a container" >&2
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
sysctl -w kernel.unprivileged_userns_clone=1
|
|
||||||
fi
|
|
||||||
prefix="runuser -u user --"
|
prefix="runuser -u user --"
|
||||||
if [ "{{ VARIANT }}" = extract ] || [ "{{ VARIANT }}" = custom ]; then
|
if [ "{{ VARIANT }}" = extract ] || [ "{{ VARIANT }}" = custom ]; then
|
||||||
include="$(tr '\n' ',' < pkglist.txt)"
|
include="$(tr '\n' ',' < pkglist.txt)"
|
||||||
|
|
|
@ -8,7 +8,6 @@ fi
|
||||||
# https://www.etalabs.net/sh_tricks.html
|
# https://www.etalabs.net/sh_tricks.html
|
||||||
quote () { printf %s\\n "$1" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/'/" ; }
|
quote () { printf %s\\n "$1" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/'/" ; }
|
||||||
useradd --home-dir /home/user --create-home user
|
useradd --home-dir /home/user --create-home user
|
||||||
sysctl -w kernel.unprivileged_userns_clone=1
|
|
||||||
homedir=$(runuser -u user -- sh -c 'cd && pwd')
|
homedir=$(runuser -u user -- sh -c 'cd && pwd')
|
||||||
# apt:test/integration/test-apt-key
|
# apt:test/integration/test-apt-key
|
||||||
TMPDIR_ADD="This is fü\$\$ing cràzy, \$(apt -v)\$!"
|
TMPDIR_ADD="This is fü\$\$ing cràzy, \$(apt -v)\$!"
|
||||||
|
|
|
@ -6,7 +6,6 @@ if [ ! -e /mmdebstrap-testenv ]; then
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
useradd --home-dir /home/user --create-home user
|
useradd --home-dir /home/user --create-home user
|
||||||
sysctl -w kernel.unprivileged_userns_clone=1
|
|
||||||
mkdir /tmp/debian-chroot
|
mkdir /tmp/debian-chroot
|
||||||
chmod 700 /tmp/debian-chroot
|
chmod 700 /tmp/debian-chroot
|
||||||
chown user:user /tmp/debian-chroot
|
chown user:user /tmp/debian-chroot
|
||||||
|
|
|
@ -6,7 +6,6 @@ if [ ! -e /mmdebstrap-testenv ]; then
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
useradd --home-dir /home/user --create-home user
|
useradd --home-dir /home/user --create-home user
|
||||||
sysctl -w kernel.unprivileged_userns_clone=1
|
|
||||||
rm /etc/subuid
|
rm /etc/subuid
|
||||||
ret=0
|
ret=0
|
||||||
runuser -u user -- {{ CMD }} --mode=unshare --variant=apt {{ DIST }} /tmp/debian-chroot {{ MIRROR }} || ret=$?
|
runuser -u user -- {{ CMD }} --mode=unshare --variant=apt {{ DIST }} /tmp/debian-chroot {{ MIRROR }} || ret=$?
|
||||||
|
|
|
@ -6,7 +6,6 @@ if [ ! -e /mmdebstrap-testenv ]; then
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
useradd --home-dir /home/user --create-home user
|
useradd --home-dir /home/user --create-home user
|
||||||
sysctl -w kernel.unprivileged_userns_clone=1
|
|
||||||
awk -F: '$1!="user"' /etc/subuid > /etc/subuid.tmp
|
awk -F: '$1!="user"' /etc/subuid > /etc/subuid.tmp
|
||||||
mv /etc/subuid.tmp /etc/subuid
|
mv /etc/subuid.tmp /etc/subuid
|
||||||
ret=0
|
ret=0
|
||||||
|
|
|
@ -6,7 +6,6 @@ if [ ! -e /mmdebstrap-testenv ]; then
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
useradd --home-dir /home/user --create-home user
|
useradd --home-dir /home/user --create-home user
|
||||||
sysctl -w kernel.unprivileged_userns_clone=1
|
|
||||||
export SOURCE_DATE_EPOCH={{ SOURCE_DATE_EPOCH }}
|
export SOURCE_DATE_EPOCH={{ SOURCE_DATE_EPOCH }}
|
||||||
|
|
||||||
filter() {
|
filter() {
|
||||||
|
|
|
@ -6,5 +6,4 @@ if [ ! -e /mmdebstrap-testenv ]; then
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
useradd --home-dir /home/user --create-home user
|
useradd --home-dir /home/user --create-home user
|
||||||
sysctl -w kernel.unprivileged_userns_clone=1
|
|
||||||
runuser -u user -- {{ CMD }} --mode=unshare --variant=custom --include=dpkg,dash,diffutils,coreutils,libc-bin,sed {{ DIST }} /dev/null {{ MIRROR }}
|
runuser -u user -- {{ CMD }} --mode=unshare --variant=custom --include=dpkg,dash,diffutils,coreutils,libc-bin,sed {{ DIST }} /dev/null {{ MIRROR }}
|
||||||
|
|
|
@ -7,7 +7,6 @@ if [ ! -e /mmdebstrap-testenv ]; then
|
||||||
fi
|
fi
|
||||||
rm /dev/console
|
rm /dev/console
|
||||||
useradd --home-dir /home/user --create-home user
|
useradd --home-dir /home/user --create-home user
|
||||||
sysctl -w kernel.unprivileged_userns_clone=1
|
|
||||||
runuser -u user -- {{ CMD }} --mode=unshare --variant=apt {{ DIST }} /tmp/debian-chroot.tar {{ MIRROR }}
|
runuser -u user -- {{ CMD }} --mode=unshare --variant=apt {{ DIST }} /tmp/debian-chroot.tar {{ MIRROR }}
|
||||||
tar -tf /tmp/debian-chroot.tar | sort | diff -u tar1.txt -
|
tar -tf /tmp/debian-chroot.tar | sort | diff -u tar1.txt -
|
||||||
rm /tmp/debian-chroot.tar
|
rm /tmp/debian-chroot.tar
|
||||||
|
|
|
@ -11,7 +11,6 @@ if [ ! -e /mmdebstrap-testenv ]; then
|
||||||
fi
|
fi
|
||||||
[ "$(whoami)" = "root" ]
|
[ "$(whoami)" = "root" ]
|
||||||
useradd --home-dir /home/user --create-home user
|
useradd --home-dir /home/user --create-home user
|
||||||
sysctl -w kernel.unprivileged_userns_clone=1
|
|
||||||
cat << 'SCRIPT' > script.sh
|
cat << 'SCRIPT' > script.sh
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
set -eu
|
set -eu
|
||||||
|
|
|
@ -8,13 +8,6 @@ if [ "$(id -u)" -eq 0 ] && ! id -u user > /dev/null 2>&1; then
|
||||||
fi
|
fi
|
||||||
useradd --home-dir /home/user --create-home user
|
useradd --home-dir /home/user --create-home user
|
||||||
fi
|
fi
|
||||||
if [ "{{ MODE }}" = unshare ]; then
|
|
||||||
if [ ! -e /mmdebstrap-testenv ]; then
|
|
||||||
echo "this test modifies the system and should only be run inside a container" >&2
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
sysctl -w kernel.unprivileged_userns_clone=1
|
|
||||||
fi
|
|
||||||
prefix=
|
prefix=
|
||||||
[ "$(id -u)" -eq 0 ] && [ "{{ MODE }}" != "root" ] && prefix="runuser -u user --"
|
[ "$(id -u)" -eq 0 ] && [ "{{ MODE }}" != "root" ] && prefix="runuser -u user --"
|
||||||
[ "{{ MODE }}" = "fakechroot" ] && prefix="$prefix fakechroot fakeroot"
|
[ "{{ MODE }}" = "fakechroot" ] && prefix="$prefix fakechroot fakeroot"
|
||||||
|
|
|
@ -9,7 +9,6 @@ trap "rm -f /tmp/debian-chroot.tar /tmp/debian-chroot-shifted.tar /tmp/debian-ch
|
||||||
useradd --home-dir /home/user --create-home user
|
useradd --home-dir /home/user --create-home user
|
||||||
echo user:100000:65536 | cmp /etc/subuid -
|
echo user:100000:65536 | cmp /etc/subuid -
|
||||||
echo user:100000:65536 | cmp /etc/subgid -
|
echo user:100000:65536 | cmp /etc/subgid -
|
||||||
sysctl -w kernel.unprivileged_userns_clone=1
|
|
||||||
# include iputils-ping so that we can verify that tarfilter does not remove
|
# include iputils-ping so that we can verify that tarfilter does not remove
|
||||||
# extended attributes
|
# extended attributes
|
||||||
# run through tarshift no-op to create a tarball that should be bit-by-bit
|
# run through tarshift no-op to create a tarball that should be bit-by-bit
|
||||||
|
|
|
@ -8,13 +8,6 @@ if [ "$(id -u)" -eq 0 ] && ! id -u user > /dev/null 2>&1; then
|
||||||
fi
|
fi
|
||||||
useradd --home-dir /home/user --create-home user
|
useradd --home-dir /home/user --create-home user
|
||||||
fi
|
fi
|
||||||
if [ "{{ MODE }}" = unshare ]; then
|
|
||||||
if [ ! -e /mmdebstrap-testenv ]; then
|
|
||||||
echo "this test modifies the system and should only be run inside a container" >&2
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
sysctl -w kernel.unprivileged_userns_clone=1
|
|
||||||
fi
|
|
||||||
prefix=
|
prefix=
|
||||||
[ "$(id -u)" -eq 0 ] && [ "{{ MODE }}" != "root" ] && prefix="runuser -u user --"
|
[ "$(id -u)" -eq 0 ] && [ "{{ MODE }}" != "root" ] && prefix="runuser -u user --"
|
||||||
[ "{{ MODE }}" = "fakechroot" ] && prefix="$prefix fakechroot fakeroot"
|
[ "{{ MODE }}" = "fakechroot" ] && prefix="$prefix fakechroot fakeroot"
|
||||||
|
|
Loading…
Reference in a new issue