Reported by myglc2 <myglc2@gmail.com>
at <http://bugs.gnu.org/23836>.
* tests/containers.scm (skip-if-unsupported): New procedure.
Call it before each test.
;; Skip these tests unless user namespaces are available and the setgroups
;; file (introduced in Linux 3.19 to address a security issue) exists.
;; Skip these tests unless user namespaces are available and the setgroups
;; file (introduced in Linux 3.19 to address a security issue) exists.
-(unless (and (user-namespace-supported?)
- (unprivileged-user-namespace-supported?)
- (setgroups-supported?))
- (test-skip 7))
+(define (skip-if-unsupported)
+ (unless (and (user-namespace-supported?)
+ (unprivileged-user-namespace-supported?)
+ (setgroups-supported?))
+ (test-skip 1)))
(test-assert "call-with-container, exit with 0 when there is no error"
(zero?
(call-with-container '() (const #t) #:namespaces '(user))))
(test-assert "call-with-container, exit with 0 when there is no error"
(zero?
(call-with-container '() (const #t) #:namespaces '(user))))
(test-assert "call-with-container, user namespace"
(zero?
(call-with-container '()
(test-assert "call-with-container, user namespace"
(zero?
(call-with-container '()
(assert-exit (and (zero? (getuid)) (zero? (getgid)))))
#:namespaces '(user))))
(assert-exit (and (zero? (getuid)) (zero? (getgid)))))
#:namespaces '(user))))
(test-assert "call-with-container, uts namespace"
(zero?
(call-with-container '()
(test-assert "call-with-container, uts namespace"
(zero?
(call-with-container '()
(primitive-exit 0))
#:namespaces '(user uts))))
(primitive-exit 0))
#:namespaces '(user uts))))
(test-assert "call-with-container, pid namespace"
(zero?
(call-with-container '()
(test-assert "call-with-container, pid namespace"
(zero?
(call-with-container '()
(status:exit-val status)))))))
#:namespaces '(user pid))))
(status:exit-val status)))))))
#:namespaces '(user pid))))
(test-assert "call-with-container, mnt namespace"
(zero?
(call-with-container '(("none" device "/testing" "tmpfs" () #f #f))
(test-assert "call-with-container, mnt namespace"
(zero?
(call-with-container '(("none" device "/testing" "tmpfs" () #f #f))
(assert-exit (file-exists? "/testing")))
#:namespaces '(user mnt))))
(assert-exit (file-exists? "/testing")))
#:namespaces '(user mnt))))
(test-equal "call-with-container, mnt namespace, wrong bind mount"
`(system-error ,ENOENT)
;; An exception should be raised; see <http://bugs.gnu.org/23306>.
(test-equal "call-with-container, mnt namespace, wrong bind mount"
`(system-error ,ENOENT)
;; An exception should be raised; see <http://bugs.gnu.org/23306>.
(lambda args
(list 'system-error (system-error-errno args)))))
(lambda args
(list 'system-error (system-error-errno args)))))
(test-assert "call-with-container, all namespaces"
(zero?
(call-with-container '()
(lambda ()
(primitive-exit 0)))))
(test-assert "call-with-container, all namespaces"
(zero?
(call-with-container '()
(lambda ()
(primitive-exit 0)))))
(test-assert "container-excursion"
(call-with-temporary-directory
(lambda (root)
(test-assert "container-excursion"
(call-with-temporary-directory
(lambda (root)
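Review bot: `skip-if-unsupported` has no docstring, and the comment kept above it still reads "Skip these tests" although `(test-skip 1)` now skips only the single test that follows each call. I would state the contract on the procedure itself, e.g. `"Skip the next test unless unprivileged user namespaces and the setgroups file are available."`, and reword the comment to say that the call must immediately precede every `test-assert`/`test-equal` in this file. The call sites named in the commit message are not visible in this rendering, so it is worth confirming that each test has one; a test added later without the call would run on kernels lacking these features, which is presumably the failure the bug report describes. A skip also means the uid/gid mapping and the pid/mnt namespace checks were not exercised on that host, so the skip count should stay visible in the test log rather than be read as a pass.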