Skip to content

Commit

Permalink
test: skip TEST-43-PRIVATEUSER-UNPRIV if unprivileged userns is restr…
Browse files Browse the repository at this point in the history 
…icted

With newer versions of AppArmor, unprivileged user namespace creation
may be restricted by default, in which case user manager instances will
not be able to apply PrivateUsers=yes (or the settings which require it).

This can be tested with the kernel.apparmor_restrict_unprivileged_userns
sysctl.
  • Loading branch information
@enr0n @yuwata
enr0n authored and yuwata committed Jan 12, 2024
1 parent 7a10e25 commit fec0d50
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions test/units/testsuite-43.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,11 @@ set -o pipefail
# shellcheck source=test/units/util.sh
. "$(dirname "$0")"/util.sh

if [[ "$(sysctl -ne kernel.apparmor_restrict_unprivileged_userns)" -eq 1 ]]; then
echo "Cannot create unprivileged user namespaces" >/skipped
exit 0
fi

systemd-analyze log-level debug

runas testuser systemd-run --wait --user --unit=test-private-users \
Expand Down

0 comments on commit fec0d50

Please sign in to comment.