diff options
author | David Thompson <dthompson2@worcester.edu> | 2015-08-11 08:30:28 -0400 |
---|---|---|
committer | David Thompson <dthompson2@worcester.edu> | 2015-08-11 08:30:28 -0400 |
commit | bc459b617fbeb1b184bb8088334752284ecb8da6 (patch) | |
tree | b35161d55edcc430b60f7fe7b2046d135be172ec /tests | |
parent | 7549f9841539efe2ef71d1e7a675a73ac6b19ace (diff) |
tests: containers: Skip if setgroups file does not exist.
Fixes bug #21226.
Linux 3.19 introduced a fix for a security vulnerability in user namespaces.
This fix introduced a new proc file called 'setgroups' and was backported to
many older kernels. However, some users run a kernel that is new enough to
support user namespaces yet old enough to not include the patch, so we must
skip the tests.
* tests/containers.scm: Skip all tests if /proc/self/setgroups does not exist.
Diffstat (limited to 'tests')
-rw-r--r-- | tests/containers.scm | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/tests/containers.scm b/tests/containers.scm index cc90f1ed6c..4783f8e8a5 100644 --- a/tests/containers.scm +++ b/tests/containers.scm @@ -26,8 +26,10 @@ (define (assert-exit x) (primitive-exit (if x 0 1))) -;; Skip these tests unless user namespaces are available. -(unless (file-exists? "/proc/self/ns/user") +;; Skip these tests unless user namespaces are available and the setgroups +;; file (introduced in Linux 3.19 to address a security issue) exists. +(unless (and (file-exists? "/proc/self/ns/user") + (file-exists? "/proc/self/setgroups")) (exit 77)) (test-begin "containers") |