From 7ab696f6b0e2d68cda7e28e68679e0f9fa06ef54 Mon Sep 17 00:00:00 2001 From: Jessica Frazelle Date: Wed, 2 Mar 2016 16:58:49 -0800 Subject: [PATCH] fix centos when userns not in kernel Signed-off-by: Jessica Frazelle --- integration-cli/docker_cli_run_unix_test.go | 4 ++-- integration-cli/requirements.go | 13 +++++++++++++ 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/integration-cli/docker_cli_run_unix_test.go b/integration-cli/docker_cli_run_unix_test.go index 173f6b5bbd..634765297b 100644 --- a/integration-cli/docker_cli_run_unix_test.go +++ b/integration-cli/docker_cli_run_unix_test.go @@ -817,7 +817,7 @@ func (s *DockerSuite) TestRunSeccompProfileDenyCloneUserns(c *check.C) { // TestRunSeccompUnconfinedCloneUserns checks that // 'docker run --security-opt seccomp:unconfined syscall-test' allows creating a userns. func (s *DockerSuite) TestRunSeccompUnconfinedCloneUserns(c *check.C) { - testRequires(c, SameHostDaemon, seccompEnabled, NotUserNamespace) + testRequires(c, SameHostDaemon, seccompEnabled, UserNamespaceInKernel, NotUserNamespace) // make sure running w privileged is ok runCmd := exec.Command(dockerBinary, "run", "--security-opt", "seccomp:unconfined", "syscall-test", "userns-test", "id") @@ -829,7 +829,7 @@ func (s *DockerSuite) TestRunSeccompUnconfinedCloneUserns(c *check.C) { // TestRunSeccompAllowPrivCloneUserns checks that 'docker run --privileged syscall-test' // allows creating a userns. func (s *DockerSuite) TestRunSeccompAllowPrivCloneUserns(c *check.C) { - testRequires(c, SameHostDaemon, seccompEnabled, NotUserNamespace) + testRequires(c, SameHostDaemon, seccompEnabled, UserNamespaceInKernel, NotUserNamespace) // make sure running w privileged is ok runCmd := exec.Command(dockerBinary, "run", "--privileged", "syscall-test", "userns-test", "id") diff --git a/integration-cli/requirements.go b/integration-cli/requirements.go index ff7ffd000d..6b89494f91 100644 --- a/integration-cli/requirements.go +++ b/integration-cli/requirements.go @@ -140,6 +140,19 @@ var ( }, "Test requires native Golang compiler instead of GCCGO", } + UserNamespaceInKernel = testRequirement{ + func() bool { + if _, err := os.Stat("/proc/self/uid_map"); os.IsNotExist(err) { + /* + * This kernel-provided file only exists if user namespaces are + * supported + */ + return false + } + return true + }, + "Kernel must have user namespaces configured.", + } NotUserNamespace = testRequirement{ func() bool { root := os.Getenv("DOCKER_REMAP_ROOT")