From: Meng Zhuo <mengzhuo1203@gmail.com>
Date: Thu, 6 Jun 2019 10:07:13 +0000 (+0800)
Subject: syscall: skip test if unprivileged_userns_clone sysctl is missing
X-Git-Tag: go1.13beta1~134
X-Git-Url: http://www.git.cypherpunks.su/?a=commitdiff_plain;h=f31b7b9b5b43277fb8b77ee57389a0b2f5278c1e;p=gostls13.git

syscall: skip test if unprivileged_userns_clone sysctl is missing

The original test (CL 166460) didn't check the existence of
/proc/sys/kernel/unprivileged_userns_clone and continue the test
if the file doesn't exist.

Fixes #32459

Change-Id: Iab4938252fcaded32b61e17edf68f966c2565582
Reviewed-on: https://go-review.googlesource.com/c/go/+/180877
Run-TryBot: Tobias Klauser <tobias.klauser@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Tobias Klauser <tobias.klauser@gmail.com>
---

diff --git a/src/syscall/exec_linux_test.go b/src/syscall/exec_linux_test.go
index 09ced3b0e0..8759775fcc 100644
--- a/src/syscall/exec_linux_test.go
+++ b/src/syscall/exec_linux_test.go
@@ -42,6 +42,15 @@ func skipInContainer(t *testing.T) {
 	}
 }
 
+func skipUnprivilegedUserClone(t *testing.T) {
+	// Skip the test if the sysctl that prevents unprivileged user
+	// from creating user namespaces is enabled.
+	data, errRead := ioutil.ReadFile("/proc/sys/kernel/unprivileged_userns_clone")
+	if errRead != nil || len(data) < 1 && data[0] == '0' {
+		t.Skip("kernel prohibits user namespace in unprivileged process")
+	}
+}
+
 // Check if we are in a chroot by checking if the inode of / is
 // different from 2 (there is no better test available to non-root on
 // linux).
@@ -72,10 +81,7 @@ func checkUserNS(t *testing.T) {
 	}
 	// On some systems, there is a sysctl setting.
 	if os.Getuid() != 0 {
-		data, errRead := ioutil.ReadFile("/proc/sys/kernel/unprivileged_userns_clone")
-		if errRead == nil && data[0] == '0' {
-			t.Skip("kernel prohibits user namespace in unprivileged process")
-		}
+		skipUnprivilegedUserClone(t)
 	}
 	// On Centos 7 make sure they set the kernel parameter user_namespace=1
 	// See issue 16283 and 20796.
@@ -582,12 +588,7 @@ func testAmbientCaps(t *testing.T, userns bool) {
 		t.Skip("skipping test on Kubernetes-based builders; see Issue 12815")
 	}
 
-	// Skip the test if the sysctl that prevents unprivileged user
-	// from creating user namespaces is enabled.
-	data, errRead := ioutil.ReadFile("/proc/sys/kernel/unprivileged_userns_clone")
-	if errRead == nil && data[0] == '0' {
-		t.Skip("kernel prohibits user namespace in unprivileged process")
-	}
+	skipUnprivilegedUserClone(t)
 
 	// skip on android, due to lack of lookup support
 	if runtime.GOOS == "android" {