From b78fb638e7520b4b2168511d8093a4916825f7df Mon Sep 17 00:00:00 2001 From: Johannes Schauer Marin Rodrigues Date: Wed, 1 Feb 2023 18:36:57 +0100 Subject: [PATCH] tests: do not run sysctl -w kernel.unprivileged_userns_clone=1 as its the default value since linux 5.10.1 (Dec 2020) --- tests/as-debootstrap-unshare-wrapper | 1 - tests/auto-mode-without-unshare-capabilities | 4 +++- tests/check-for-bit-by-bit-identical-format-output | 1 - tests/create-arm64-tarball | 7 ------- tests/create-gzip-compressed-tarball | 1 - tests/create-tarball-dry-run | 7 ------- tests/custom-tmpdir | 1 - tests/cwd-directory-not-accessible-by-unshared-user | 1 - tests/fail-without-etc-subuid | 1 - tests/fail-without-username-in-etc-subuid | 1 - tests/jessie-or-older | 1 - tests/missing-dev-sys-proc-inside-the-chroot | 1 - tests/missing-device-nodes-outside-the-chroot | 1 - tests/root-mode-inside-unshare-chroot | 1 - tests/special-hooks-with-mode-mode | 7 ------- tests/tarfilter-idshift | 1 - tests/unpack-doc-debian | 7 ------- 17 files changed, 3 insertions(+), 41 deletions(-) diff --git a/tests/as-debootstrap-unshare-wrapper b/tests/as-debootstrap-unshare-wrapper index b3b3fee..75295b8 100644 --- a/tests/as-debootstrap-unshare-wrapper +++ b/tests/as-debootstrap-unshare-wrapper @@ -6,7 +6,6 @@ if [ ! -e /mmdebstrap-testenv ]; then echo "this test modifies the system and should only be run inside a container" >&2 exit 1 fi -sysctl -w kernel.unprivileged_userns_clone=1 useradd --home-dir /home/user --create-home user runuser -u user -- {{ CMD }} --variant=custom --mode=unshare --setup-hook='env container=lxc debootstrap unstable "$1" {{ MIRROR }}' - /tmp/debian-mm.tar {{ MIRROR }} diff --git a/tests/auto-mode-without-unshare-capabilities b/tests/auto-mode-without-unshare-capabilities index e3cc98d..17244b8 100644 --- a/tests/auto-mode-without-unshare-capabilities +++ b/tests/auto-mode-without-unshare-capabilities 
@@ -6,7 +6,9 @@ if [ ! -e /mmdebstrap-testenv ]; then exit 1 fi useradd --home-dir /home/user --create-home user -sysctl -w kernel.unprivileged_userns_clone=0 +if [ -e /proc/sys/kernel/unprivileged_userns_clone ] && [ "$(sysctl -n kernel.unprivileged_userns_clone)" = "1" ]; then + sysctl -w kernel.unprivileged_userns_clone=0 +fi runuser -u user -- {{ CMD }} --mode=auto --variant=apt {{ DIST }} /tmp/debian-chroot.tar.gz {{ MIRROR }} tar -tf /tmp/debian-chroot.tar.gz | sort | diff -u tar1.txt - rm /tmp/debian-chroot.tar.gz diff --git a/tests/check-for-bit-by-bit-identical-format-output b/tests/check-for-bit-by-bit-identical-format-output index 2152425..76b448e 100644 --- a/tests/check-for-bit-by-bit-identical-format-output +++ b/tests/check-for-bit-by-bit-identical-format-output @@ -6,7 +6,6 @@ if [ ! -e /mmdebstrap-testenv ]; then exit 1 fi useradd --home-dir /home/user --create-home user -sysctl -w kernel.unprivileged_userns_clone=1 export SOURCE_DATE_EPOCH={{ SOURCE_DATE_EPOCH }} {{ CMD }} --mode=root --variant={{ VARIANT }} {{ DIST }} /tmp/debian-chroot-root.{{ FORMAT }} {{ MIRROR }} if [ "{{ FORMAT }}" = tar ]; then diff --git a/tests/create-arm64-tarball b/tests/create-arm64-tarball index 1953ba4..5dfe679 100644 --- a/tests/create-arm64-tarball +++ b/tests/create-arm64-tarball @@ -8,13 +8,6 @@ if [ "$(id -u)" -eq 0 ] && ! id -u user > /dev/null 2>&1; then fi useradd --home-dir /home/user --create-home user fi -if [ "{{ MODE }}" = unshare ]; then - if [ ! -e /mmdebstrap-testenv ]; then - echo "this test modifies the system and should only be run inside a container" >&2 - exit 1 - fi - sysctl -w kernel.unprivileged_userns_clone=1 -fi prefix= [ "$(id -u)" -eq 0 ] && [ "{{ MODE }}" != "root" ] && prefix="runuser -u user --" [ "{{ MODE }}" = "fakechroot" ] && prefix="$prefix fakechroot fakeroot" diff --git a/tests/create-gzip-compressed-tarball b/tests/create-gzip-compressed-tarball index 444a87d..dc7deed 100644 --- a/tests/create-gzip-compressed-tarball 
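Review bot: When `/proc/sys/kernel/unprivileged_userns_clone` is absent, the new guard skips the write silently and the `--mode=auto` run after it proceeds with unprivileged user namespaces still enabled, so the test no longer exercises the "without unshare capabilities" case its filename names. That knob comes from a distribution kernel patch rather than upstream; on kernels without it an `else` branch with `sysctl -w user.max_user_namespaces=0` gives the same restriction, or the script could print a skip message to stderr instead of passing quietly. The previous value is also not restored in the lines visible here, and this commit removes the `=1` writes from the other unshare tests, so any later test that shares this kernel would inherit the disabled state. Saving it with `old=$(sysctl -n kernel.unprivileged_userns_clone)` and restoring it via `trap 'sysctl -w kernel.unprivileged_userns_clone="$old"' EXIT` would cover that, unless the script already restores it below the hunk or each test gets a fresh VM.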
+++ b/tests/create-gzip-compressed-tarball @@ -6,7 +6,6 @@ if [ ! -e /mmdebstrap-testenv ]; then exit 1 fi useradd --home-dir /home/user --create-home user -sysctl -w kernel.unprivileged_userns_clone=1 runuser -u user -- {{ CMD }} --mode=unshare --variant=apt {{ DIST }} /tmp/debian-chroot.tar.gz {{ MIRROR }} printf '\037\213\010' | cmp --bytes=3 /tmp/debian-chroot.tar.gz - tar -tf /tmp/debian-chroot.tar.gz | sort | diff -u tar1.txt - diff --git a/tests/create-tarball-dry-run b/tests/create-tarball-dry-run index 6bb3799..997e827 100644 --- a/tests/create-tarball-dry-run +++ b/tests/create-tarball-dry-run @@ -16,13 +16,6 @@ if [ "$(id -u)" -eq 0 ] && [ "{{ MODE }}" != root ] && [ "{{ MODE }}" != auto ]; fi useradd --home-dir /home/user --create-home user fi - if [ "{{ MODE }}" = unshare ]; then - if [ ! -e /mmdebstrap-testenv ]; then - echo "this test modifies the system and should only be run inside a container" >&2 - exit 1 - fi - sysctl -w kernel.unprivileged_userns_clone=1 - fi prefix="runuser -u user --" if [ "{{ VARIANT }}" = extract ] || [ "{{ VARIANT }}" = custom ]; then include="$(tr '\n' ',' < pkglist.txt)" diff --git a/tests/custom-tmpdir b/tests/custom-tmpdir index 15eeb38..3d3ac4d 100644 --- a/tests/custom-tmpdir +++ b/tests/custom-tmpdir @@ -8,7 +8,6 @@ fi # https://www.etalabs.net/sh_tricks.html quote () { printf %s\\n "$1" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/'/" ; } useradd --home-dir /home/user --create-home user -sysctl -w kernel.unprivileged_userns_clone=1 homedir=$(runuser -u user -- sh -c 'cd && pwd') # apt:test/integration/test-apt-key TMPDIR_ADD="This is fü\$\$ing cràzy, \$(apt -v)\$!" diff --git a/tests/cwd-directory-not-accessible-by-unshared-user b/tests/cwd-directory-not-accessible-by-unshared-user index 158ae32..0bb06c3 100644 --- a/tests/cwd-directory-not-accessible-by-unshared-user +++ b/tests/cwd-directory-not-accessible-by-unshared-user 
@@ -6,7 +6,6 @@ if [ ! -e /mmdebstrap-testenv ]; then exit 1 fi useradd --home-dir /home/user --create-home user -sysctl -w kernel.unprivileged_userns_clone=1 mkdir /tmp/debian-chroot chmod 700 /tmp/debian-chroot chown user:user /tmp/debian-chroot diff --git a/tests/fail-without-etc-subuid b/tests/fail-without-etc-subuid index 7967bc5..197cb0a 100644 --- a/tests/fail-without-etc-subuid +++ b/tests/fail-without-etc-subuid @@ -6,7 +6,6 @@ if [ ! -e /mmdebstrap-testenv ]; then exit 1 fi useradd --home-dir /home/user --create-home user -sysctl -w kernel.unprivileged_userns_clone=1 rm /etc/subuid ret=0 runuser -u user -- {{ CMD }} --mode=unshare --variant=apt {{ DIST }} /tmp/debian-chroot {{ MIRROR }} || ret=$? diff --git a/tests/fail-without-username-in-etc-subuid b/tests/fail-without-username-in-etc-subuid index 57e9dcf..7ef01bc 100644 --- a/tests/fail-without-username-in-etc-subuid +++ b/tests/fail-without-username-in-etc-subuid @@ -6,7 +6,6 @@ if [ ! -e /mmdebstrap-testenv ]; then exit 1 fi useradd --home-dir /home/user --create-home user -sysctl -w kernel.unprivileged_userns_clone=1 awk -F: '$1!="user"' /etc/subuid > /etc/subuid.tmp mv /etc/subuid.tmp /etc/subuid ret=0 diff --git a/tests/jessie-or-older b/tests/jessie-or-older index 2eee845..6538563 100644 --- a/tests/jessie-or-older +++ b/tests/jessie-or-older @@ -6,7 +6,6 @@ if [ ! -e /mmdebstrap-testenv ]; then exit 1 fi useradd --home-dir /home/user --create-home user -sysctl -w kernel.unprivileged_userns_clone=1 export SOURCE_DATE_EPOCH={{ SOURCE_DATE_EPOCH }} filter() { diff --git a/tests/missing-dev-sys-proc-inside-the-chroot b/tests/missing-dev-sys-proc-inside-the-chroot index 741c6be..7007d09 100644 --- a/tests/missing-dev-sys-proc-inside-the-chroot +++ b/tests/missing-dev-sys-proc-inside-the-chroot 
@@ -6,5 +6,4 @@ if [ ! -e /mmdebstrap-testenv ]; then exit 1 fi useradd --home-dir /home/user --create-home user -sysctl -w kernel.unprivileged_userns_clone=1 runuser -u user -- {{ CMD }} --mode=unshare --variant=custom --include=dpkg,dash,diffutils,coreutils,libc-bin,sed {{ DIST }} /dev/null {{ MIRROR }} diff --git a/tests/missing-device-nodes-outside-the-chroot b/tests/missing-device-nodes-outside-the-chroot index 1a59817..7f2fa27 100644 --- a/tests/missing-device-nodes-outside-the-chroot +++ b/tests/missing-device-nodes-outside-the-chroot @@ -7,7 +7,6 @@ if [ ! -e /mmdebstrap-testenv ]; then fi rm /dev/console useradd --home-dir /home/user --create-home user -sysctl -w kernel.unprivileged_userns_clone=1 runuser -u user -- {{ CMD }} --mode=unshare --variant=apt {{ DIST }} /tmp/debian-chroot.tar {{ MIRROR }} tar -tf /tmp/debian-chroot.tar | sort | diff -u tar1.txt - rm /tmp/debian-chroot.tar diff --git a/tests/root-mode-inside-unshare-chroot b/tests/root-mode-inside-unshare-chroot index c3b3291..461de27 100644 --- a/tests/root-mode-inside-unshare-chroot +++ b/tests/root-mode-inside-unshare-chroot @@ -11,7 +11,6 @@ if [ ! -e /mmdebstrap-testenv ]; then fi [ "$(whoami)" = "root" ] useradd --home-dir /home/user --create-home user -sysctl -w kernel.unprivileged_userns_clone=1 cat << 'SCRIPT' > script.sh #!/bin/sh set -eu diff --git a/tests/special-hooks-with-mode-mode b/tests/special-hooks-with-mode-mode index 248c10f..60d5d85 100644 --- a/tests/special-hooks-with-mode-mode +++ b/tests/special-hooks-with-mode-mode 
@@ -8,13 +8,6 @@ if [ "$(id -u)" -eq 0 ] && ! id -u user > /dev/null 2>&1; then fi useradd --home-dir /home/user --create-home user fi -if [ "{{ MODE }}" = unshare ]; then - if [ ! -e /mmdebstrap-testenv ]; then - echo "this test modifies the system and should only be run inside a container" >&2 - exit 1 - fi - sysctl -w kernel.unprivileged_userns_clone=1 -fi prefix= [ "$(id -u)" -eq 0 ] && [ "{{ MODE }}" != "root" ] && prefix="runuser -u user --" [ "{{ MODE }}" = "fakechroot" ] && prefix="$prefix fakechroot fakeroot" diff --git a/tests/tarfilter-idshift b/tests/tarfilter-idshift index 5b61054..731d40f 100644 --- a/tests/tarfilter-idshift +++ b/tests/tarfilter-idshift @@ -9,7 +9,6 @@ trap "rm -f /tmp/debian-chroot.tar /tmp/debian-chroot-shifted.tar /tmp/debian-ch useradd --home-dir /home/user --create-home user echo user:100000:65536 | cmp /etc/subuid - echo user:100000:65536 | cmp /etc/subgid - -sysctl -w kernel.unprivileged_userns_clone=1 # include iputils-ping so that we can verify that tarfilter does not remove # extended attributes # run through tarshift no-op to create a tarball that should be bit-by-bit diff --git a/tests/unpack-doc-debian b/tests/unpack-doc-debian index ce35275..cbf2bbd 100644 --- a/tests/unpack-doc-debian +++ b/tests/unpack-doc-debian @@ -8,13 +8,6 @@ if [ "$(id -u)" -eq 0 ] && ! id -u user > /dev/null 2>&1; then fi useradd --home-dir /home/user --create-home user fi -if [ "{{ MODE }}" = unshare ]; then - if [ ! -e /mmdebstrap-testenv ]; then - echo "this test modifies the system and should only be run inside a container" >&2 - exit 1 - fi - sysctl -w kernel.unprivileged_userns_clone=1 -fi prefix= [ "$(id -u)" -eq 0 ] && [ "{{ MODE }}" != "root" ] && prefix="runuser -u user --" [ "{{ MODE }}" = "fakechroot" ] && prefix="$prefix fakechroot fakeroot"