system/systemd
system/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd synced 2024-07-01 07:34:28 +00:00
Code Issues Projects Releases Wiki Activity

test: skip test-cgroup-id on ENOSYS from cg_cgroupid_open

Browse Source 
Most container managers will block open_by_handle_at with seccomp to
mitigate a container escape attack. LXD in particular returns ENOSYS
rather than e.g. EPERM like nspawn. Skip this test if we get ENOSYS
from open_by_handle_at via cg_cgroupid_open.
This commit is contained in:
Nick Rosbrook 2024-06-20 11:27:03 -04:00 committed by Lennart Poettering
parent 2c1ada796a
commit 82f57401d9
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/test/test-cgroup.c
View File

@ -159,6 +159,8 @@ TEST(id) {
if (ERRNO_IS_NEG_PRIVILEGE(fd2))
log_notice("Skipping open-by-cgroup-id test because lacking privs.");
else if (ERRNO_IS_NEG_NOT_SUPPORTED(fd2))
log_notice("Skipping open-by-cgroup-id test because syscall is missing or blocked.");
else {
assert_se(fd2 >= 0);