|
| From: | David Thompson |
| Subject: | 01/01: tests: containers: Skip if setgroups file does not exist. |
| Date: | Tue, 11 Aug 2015 12:47:49 +0000 |
davexunit pushed a commit to branch master
in repository guix.
commit bc459b617fbeb1b184bb8088334752284ecb8da6
Author: David Thompson <address@hidden>
Date: Tue Aug 11 08:30:28 2015 -0400
tests: containers: Skip if setgroups file does not exist.
Fixes bug #21226.
Linux 3.19 introduced a fix for a security vulnerability in user namespaces.
This fix introduced a new proc file called 'setgroups' and was backported to
many older kernels. However, some users run a kernel that is new enough to
support user namespaces yet old enough to not include the patch, so we must
skip the tests.
* tests/containers.scm: Skip all tests if /proc/self/setgroups does not
exist.
---
tests/containers.scm | 6 ++++--
1 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/tests/containers.scm b/tests/containers.scm
index cc90f1e..4783f8e 100644
--- a/tests/containers.scm
+++ b/tests/containers.scm
@@ -26,8 +26,10 @@
(define (assert-exit x)
(primitive-exit (if x 0 1)))
-;; Skip these tests unless user namespaces are available.
-(unless (file-exists? "/proc/self/ns/user")
+;; Skip these tests unless user namespaces are available and the setgroups
+;; file (introduced in Linux 3.19 to address a security issue) exists.
+(unless (and (file-exists? "/proc/self/ns/user")
+ (file-exists? "/proc/self/setgroups"))
(exit 77))
(test-begin "containers")
| [Prev in Thread] | Current Thread | [Next in Thread] |