Skip to content

[1.0] tests/int/no_pivot: fix for new kernels #3075

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mrunalp merged 1 commit into from
Jul 8, 2021
Merged

[1.0] tests/int/no_pivot: fix for new kernels #3075

mrunalp merged 1 commit into from
Jul 8, 2021

Conversation

@kolyshkin
Copy link
Contributor

@kolyshkin kolyshkin commented Jul 8, 2021

This is a backport of PR #3051 to release-1.0 branch to fix CI. Clean cherry-pick, no issues, original description follows.

The test is failing like this:

not ok 70 runc run --no-pivot must not expose bare /proc
# (in test file tests/integration/no_pivot.bats, line 20)
#   `[[ "$output" == *"mount: permission denied"* ]]' failed
# runc spec (status=0):
#
# runc run --no-pivot test_no_pivot (status=1):
# unshare: write error: Operation not permitted

Apparently, a recent kernel commit db2e718a47984b9d prevents
root from doing unshare -r unless it has CAP_SETFPCAP.

Add the capability for this specific test.

Signed-off-by: Kir Kolyshkin kolyshkin@gmail.com
(cherry picked from commit 1bbeada)
Signed-off-by: Kir Kolyshkin kolyshkin@gmail.com

@kolyshkin
tests/int/no_pivot: fix for new kernels
e99c0f5 
The test is failing like this:

	not ok 70 runc run --no-pivot must not expose bare /proc
	# (in test file tests/integration/no_pivot.bats, line 20)
	#   `[[ "$output" == *"mount: permission denied"* ]]' failed
	# runc spec (status=0):
	#
	# runc run --no-pivot test_no_pivot (status=1):
	# unshare: write error: Operation not permitted

Apparently, a recent kernel commit db2e718a47984b9d prevents
root from doing unshare -r unless it has CAP_SETFPCAP.

Add the capability for this specific test.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
(cherry picked from commit 1bbeada)
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
@kolyshkin kolyshkin added this to the 1.0.1 milestone Jul 8, 2021
This was referenced Jul 8, 2021
Merged
Closed
@mrunalp mrunalp merged commit 8fad08a into opencontainers:release-1.0 Jul 8, 2021
@cyphar cyphar added the backport/1.0-pr A backport PR to release-1.0 label Jul 15, 2021
@kolyshkin kolyshkin mentioned this pull request Nov 30, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mrunalp mrunalp mrunalp approved these changes

@AkihiroSuda AkihiroSuda AkihiroSuda approved these changes

Assignees

No one assigned

Labels

backport/1.0-pr A backport PR to release-1.0

Projects

None yet

Milestone

1.0.1

Development

Successfully merging this pull request may close these issues.

4 participants

@kolyshkin @mrunalp @AkihiroSuda @cyphar