tests: containers: Skip if setgroups file does not exist.

Fixes bug #21226.

Linux 3.19 introduced a fix for a security vulnerability in user namespaces.
This fix introduced a new proc file called 'setgroups' and was backported to
many older kernels.  However, some users run a kernel that is new enough to
support user namespaces yet old enough to not include the patch, so we must
skip the tests.

* tests/containers.scm: Skip all tests if /proc/self/setgroups does not exist.

diff --git a/tests/containers.scm b/tests/containers.scm
index cc90f1e..4783f8e 100644 (file)
--- a/tests/containers.scm
+++ b/tests/containers.scm
@@ -26,8 +26,10 @@
 (define (assert-exit x)
   (primitive-exit (if x 0 1)))
 
-;; Skip these tests unless user namespaces are available.
-(unless (file-exists? "/proc/self/ns/user")
+;; Skip these tests unless user namespaces are available and the setgroups
+;; file (introduced in Linux 3.19 to address a security issue) exists.
+(unless (and (file-exists? "/proc/self/ns/user")
+             (file-exists? "/proc/self/setgroups"))
   (exit 77))
 
 (test-begin "containers")