From 82f57401d933596746c32a955773bc70be53b0ac Mon Sep 17 00:00:00 2001 From: Nick Rosbrook Date: Thu, 20 Jun 2024 11:27:03 -0400 Subject: [PATCH] test: skip test-cgroup-id on ENOSYS from cg_cgroupid_open Most container managers will block open_by_handle_at with seccomp to mitigate a container escape attack. LXD in particular returns ENOSYS rather than e.g. EPERM like nspawn. Skip this test if we get ENOSYS from open_by_handle_at via cg_cgroupid_open. --- src/test/test-cgroup.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/test/test-cgroup.c b/src/test/test-cgroup.c index 8bd4af94e4..040e9e9c12 100644 --- a/src/test/test-cgroup.c +++ b/src/test/test-cgroup.c @@ -159,6 +159,8 @@ TEST(id) { if (ERRNO_IS_NEG_PRIVILEGE(fd2)) log_notice("Skipping open-by-cgroup-id test because lacking privs."); + else if (ERRNO_IS_NEG_NOT_SUPPORTED(fd2)) + log_notice("Skipping open-by-cgroup-id test because syscall is missing or blocked."); else { assert_se(fd2 >= 0);