Skip to content

tests/int/no_pivot: fixup for new kernels #3051

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
AkihiroSuda merged 1 commit into from
Jun 30, 2021
Merged

tests/int/no_pivot: fixup for new kernels #3051

AkihiroSuda merged 1 commit into from
Jun 30, 2021

Conversation

@kolyshkin
Copy link
Contributor

@kolyshkin kolyshkin commented Jun 29, 2021
edited
Loading

Since today, the test is failing like this on GHA CI (and also happens to fail on my machine with a recent F34 kernel):

not ok 70 runc run --no-pivot must not expose bare /proc
# (in test file tests/integration/no_pivot.bats, line 20)
#   `[[ "$output" == *"mount: permission denied"* ]]' failed
# runc spec (status=0):
#
# runc run --no-pivot test_no_pivot (status=1):
# unshare: write error: Operation not permitted

Apparently, a recent kernel commit db2e718a47984b9d prevents
root from doing unshare -r unless it has CAP_SETFCAP.

Add the capability for this specific test.

Fixes: #3050

1.0 backport: #3075

@kolyshkin
tests/int/no_pivot: fix for new kernels
1bbeada 
The test is failing like this:

	not ok 70 runc run --no-pivot must not expose bare /proc
	# (in test file tests/integration/no_pivot.bats, line 20)
	#   `[[ "$output" == *"mount: permission denied"* ]]' failed
	# runc spec (status=0):
	#
	# runc run --no-pivot test_no_pivot (status=1):
	# unshare: write error: Operation not permitted

Apparently, a recent kernel commit db2e718a47984b9d prevents
root from doing unshare -r unless it has CAP_SETFPCAP.

Add the capability for this specific test.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
@kolyshkin kolyshkin changed the title tests/int/no_pivot: fix for new kernels tests/int/no_pivot: fixup for new kernels Jun 29, 2021
@kolyshkin kolyshkin marked this pull request as ready for review June 29, 2021 20:54
@kolyshkin kolyshkin requested review from AkihiroSuda and cyphar June 29, 2021 20:54
@AkihiroSuda AkihiroSuda merged commit b12e6bc into opencontainers:master Jun 30, 2021
@kolyshkin kolyshkin mentioned this pull request Jun 30, 2021
Merged
@kolyshkin kolyshkin mentioned this pull request Jul 8, 2021
Merged
@kolyshkin kolyshkin added the backport/1.0-todo A PR in main branch which needs to be backported to release-1.0 label Jul 8, 2021
@kolyshkin kolyshkin mentioned this pull request Jul 8, 2021
Merged
@kolyshkin kolyshkin added backport/1.0-done A PR in main branch which has been backported to release-1.0 and removed backport/1.0-todo A PR in main branch which needs to be backported to release-1.0 labels Nov 30, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mrunalp mrunalp mrunalp approved these changes

@AkihiroSuda AkihiroSuda AkihiroSuda approved these changes

@cyphar cyphar Awaiting requested review from cyphar

Assignees

No one assigned

Labels

area/ci backport/1.0-done A PR in main branch which has been backported to release-1.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[ci] not ok 70 runc run --no-pivot must not expose bare /proc

3 participants

@kolyshkin @mrunalp @AkihiroSuda