Cypherpunks repositories - gostls13.git/commit
syscall: skip non-root user namespace test if kernel forbids
author Alberto Donizetti <alb.donizetti@gmail.com>
Sat, 9 Mar 2019 17:01:26 +0000 (18:01 +0100)
committer Brad Fitzpatrick <bradfitz@golang.org>
Sun, 10 Mar 2019 21:01:02 +0000 (21:01 +0000)
commit 1c2d4da10f6edf9a83fb0cffaaf9f631f462d26b
tree 471a5b73aff9ce44a672fa717648d706b74f1f69
parent e2dc41b4909400341ec12058261206bb842cc2e0
syscall: skip non-root user namespace test if kernel forbids

The unprivileged_userns_clone sysctl prevents unprivileged users from
creating namespaces, which the AmbientCaps test does. It's set to 0 by
default in a few Linux distributions (Debian and Arch, possibly
others), so we need to check it before running the test.

I've verified that setting

  echo 1 > /proc/sys/kernel/unprivileged_userns_clone

and then running the test *without this patch* makes it pass, which
proves that checking unprivileged_userns_clone is indeed sufficient.

Fixes #30698

Change-Id: Ib2079b5e714d7f2440ddf979c3e7cfda9a9c5005
Reviewed-on: https://go-review.googlesource.com/c/go/+/166460
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
src/syscall/exec_linux_test.go
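
One way to perform the check the commit message describes before trying to create a user namespace as a non-root user, written as an added Go example (it is not the code from this commit). The names `usernsVerdict` and `readSysctl` and the `procRoot` parameter are assumptions; the example also goes beyond the page by consulting `/proc/sys/user/max_user_namespaces`, and it assumes that a missing sysctl file means the knob does not forbid anything.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
)

// usernsVerdict reports whether the sysctls under procRoot (normally "/proc")
// permit an unprivileged process to create a user namespace.
// Hypothetical helper written for this example.
func usernsVerdict(procRoot string) (allowed bool, reason string) {
	// Knob named in the commit message; "0" forbids unprivileged creation.
	clone := filepath.Join(procRoot, "sys/kernel/unprivileged_userns_clone")
	v, err := readSysctl(clone)
	switch {
	case errors.Is(err, fs.ErrNotExist):
		// Assumption: the knob is absent on this kernel, so it forbids nothing.
	case err != nil:
		return false, "cannot read " + clone + ": " + err.Error()
	case v == "0":
		return false, "unprivileged_userns_clone=0"
	}
	// Beyond the page: a per-user limit of 0 disables user namespaces too.
	limit := filepath.Join(procRoot, "sys/user/max_user_namespaces")
	if v, err = readSysctl(limit); err == nil && v == "0" {
		return false, "max_user_namespaces=0"
	}
	return true, "no sysctl forbids it"
}

// readSysctl returns the file content with surrounding whitespace removed.
func readSysctl(path string) (string, error) {
	b, err := os.ReadFile(path)
	return string(bytes.TrimSpace(b)), err
}

func main() {
	ok, why := usernsVerdict("/proc")
	fmt.Printf("unprivileged user namespaces allowed: %v (%s)\n", ok, why)
}
```

In a test, a false verdict maps to `t.Skip(reason)`; on a host audit, the same verdict shows whether unprivileged user namespace creation is switched off.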