syscall: update check for UserNS support for centos 7

Fixes #20796
Fixes #16283

Change-Id: Ib11992fbd2bc1fbb3b14ae5a6bf0da2e4c12f641
Reviewed-on: https://go-review.googlesource.com/49311
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>

diff --git a/src/syscall/exec_linux_test.go b/src/syscall/exec_linux_test.go
index 5c7d8a29c18cc6283f77cc7ada0340c28b4d8dc8..114deec5bbec2ce9c542dc19d9fd2e4cdd1f795e 100644 (file)
--- a/src/syscall/exec_linux_test.go
+++ b/src/syscall/exec_linux_test.go
@@ -57,6 +57,14 @@ func checkUserNS(t *testing.T) {
                        t.Skip("kernel prohibits user namespace in unprivileged process")
                }
        }
+       // On Centos 7 make sure they set the kernel parameter user_namespace=1
+       // See issue 16283 and 20796.
+       if _, err := os.Stat("/sys/module/user_namespace/parameters/enable"); err == nil {
+               buf, _ := ioutil.ReadFile("/sys/module/user_namespace/parameters/enabled")
+               if !strings.HasPrefix(string(buf), "Y") {
+                       t.Skip("kernel doesn't support user namespaces")
+               }
+       }
        // When running under the Go continuous build, skip tests for
        // now when under Kubernetes. (where things are root but not quite)
        // Both of these are our own environment variables.