ITQC/containernetworking-plugins
24
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 34 Wiki Activity

test: enable unpriv user namespaces

Browse Source 
These are disabled by default in some distros; we would like to test
rootless, however.

Signed-off-by: Casey Callendrello <c1@caseyc.net>
This commit is contained in:
Casey Callendrello 2025-01-14 11:16:42 +01:00
parent ba8bc7d0c7
commit e8c7d9b930
1 changed files with 21 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
test_linux.sh
View File

@ -1,4 +1,4 @@
#!/usr/bin/env sh #!/usr/bin/env bash
# #
# Run CNI plugin tests. # Run CNI plugin tests.
# #
@ -18,6 +18,23 @@ testrun() {
sudo -E sh -c "umask 0; PATH=${GOPATH}/bin:$(pwd)/bin:${PATH} go test -race $*" sudo -E sh -c "umask 0; PATH=${GOPATH}/bin:$(pwd)/bin:${PATH} go test -race $*"
} }
ensure_sysctl() {
local key
local val
local existing
key="$1"
val="$2"
existing="$(sysctl -ben "$key")"
sysctl -r
if [ "$val" -ne "$existing" ]; then
echo "sudo sysctl -we '$key'='$val'"
sudo sysctl -we "$key"="$val"
fi
}
COVERALLS=${COVERALLS:-""} COVERALLS=${COVERALLS:-""}
if [ -n "${COVERALLS}" ]; then if [ -n "${COVERALLS}" ]; then
@ -40,4 +57,7 @@ done
# Run the pkg/ns tests as non root user # Run the pkg/ns tests as non root user
mkdir -p /tmp/cni-rootless mkdir -p /tmp/cni-rootless
ensure_sysctl kernel.unprivileged_userns_clone 1
ensure_sysctl kernel.apparmor_restrict_unprivileged_userns 0
(export XDG_RUNTIME_DIR=/tmp/cni-rootless; cd pkg/ns/; unshare -rmn go test) (export XDG_RUNTIME_DIR=/tmp/cni-rootless; cd pkg/ns/; unshare -rmn go test)