authorDavid Thompson <dthompson2@worcester.edu>2015-08-11 08:30:28 -0400
committerDavid Thompson <dthompson2@worcester.edu>2015-08-11 08:30:28 -0400
commitbc459b617fbeb1b184bb8088334752284ecb8da6 (patch)
treeb35161d55edcc430b60f7fe7b2046d135be172ec
parent7549f9841539efe2ef71d1e7a675a73ac6b19ace (diff)
downloadpatches-bc459b617fbeb1b184bb8088334752284ecb8da6.tar
patches-bc459b617fbeb1b184bb8088334752284ecb8da6.tar.gz
tests: containers: Skip if setgroups file does not exist.
Fixes bug #21226. Linux 3.19 introduced a fix for a security vulnerability in user namespaces. This fix introduced a new proc file called 'setgroups' and was backported to many older kernels. However, some users run a kernel that is new enough to support user namespaces yet old enough to not include the patch, so we must skip the tests. * tests/containers.scm: Skip all tests if /proc/self/setgroups does not exist.
-rw-r--r--tests/containers.scm6
1 files changed, 4 insertions, 2 deletions
diff --git a/tests/containers.scm b/tests/containers.scm
index cc90f1ed6c..4783f8e8a5 100644
--- a/tests/containers.scm
+++ b/tests/containers.scm
@@ -26,8 +26,10 @@
(define (assert-exit x)
(primitive-exit (if x 0 1)))
-;; Skip these tests unless user namespaces are available.
-(unless (file-exists? "/proc/self/ns/user")
+;; Skip these tests unless user namespaces are available and the setgroups
+;; file (introduced in Linux 3.19 to address a security issue) exists.
+(unless (and (file-exists? "/proc/self/ns/user")
+ (file-exists? "/proc/self/setgroups"))
(exit 77))
(test-begin "containers")
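Review bot: The combined guard ending in `(exit 77)` skips without saying which precondition failed, so a host that has user namespaces but lacks the setgroups fix is indistinguishable in the test log from a host with no namespace support at all. Because the second case means the running kernel is missing a security patch, it is worth reporting it before exiting, for example `(format (current-error-port) "containers: /proc/self/setgroups missing, skipping~%")` placed ahead of `(exit 77)` in a branch for that case. The new comment could also say what the file controls (as far as I know, whether setgroups(2) may be called inside the user namespace) instead of only "a security issue", so a later reader can see why the container code depends on it. The guard only tests that the file exists; how the code under test uses it is outside this hunk.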