From 45e501c051fe5e7f5116c44c44832af14b775527 Mon Sep 17 00:00:00 2001 From: David Thompson
Date: Mon, 7 Sep 2015 15:38:08 -0400 Subject: [PATCH] tests: Detect when user namespaces are disabled for unprivileged users. * guix/tests.scm (%user-namespaces?): New variable. * tests/containers.scm: Skip tests unless user can create user namespaces. * tests/syscalls.scm: Likewise for clone, setns, and pivot-root tests. --- guix/tests.scm | 13 ++++++++++++- tests/containers.scm | 3 ++- tests/syscalls.scm | 10 ++++++---- 3 files changed, 20 insertions(+), 6 deletions(-) diff --git a/guix/tests.scm b/guix/tests.scm index cd8eda2..4634323 100644 --- a/guix/tests.scm +++ b/guix/tests.scm @@ -41,7 +41,8 @@ with-derivation-narinfo with-derivation-substitute dummy-package - dummy-origin)) + dummy-origin + %user-namespaces?)) ;;; Commentary: ;;; @@ -259,6 +260,16 @@ default values, and with EXTRA-FIELDS set as specified." (method #f) (uri "http://www.example.com") (sha256 (base32 (make-string 52 #\x))))) +;; User namespaces are only available on more recent versions of Linux, and +;; some systems do not allow unprivileged users to create them. +(define %user-namespaces? + (and (file-exists? "/proc/self/ns/user") + (or (zero? (getuid)) ; root is OK + (let ((config-file "/proc/sys/kernel/unprivileged_userns_clone")) + (if (file-exists? config-file) + (string=? (call-with-input-file config-file read-string) "1") + #t))))) + ;; Local Variables: ;; eval: (put 'call-with-derivation-narinfo 'scheme-indent-function 1) ;; eval: (put 'call-with-derivation-substitute 'scheme-indent-function 2) diff --git a/tests/containers.scm b/tests/containers.scm index 4783f8e..25e908b 100644 --- a/tests/containers.scm +++ b/tests/containers.scm @@ -17,6 +17,7 @@ ;;; along with GNU Guix. If not, see
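Review bot: The comparison `(string=? (call-with-input-file config-file read-string) "1")` in the new `%user-namespaces?` definition will probably never be true, because procfs sysctl files normally end their value with a newline and the file reads back as "1\n". On systems that expose `/proc/sys/kernel/unprivileged_userns_clone`, the container, clone, setns and pivot-root tests would then be skipped for non-root users even when unprivileged user namespaces are enabled, so the isolation code silently loses its test coverage. Compare only the first character, e.g. `(eqv? #\1 (call-with-input-file config-file read-char))`, or trim the string before comparing. `read-string` also has to be in scope in guix/tests.scm; the module's import list is outside the hunk, so that should be confirmed.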